+1 408.369.3800
www.RedlineNetworks.com
Audience
This document assumes that the reader has knowledge of the network architecture or topology
in which the Redline Networks' E|X or T|X will be installed. This documentation is intended
for network engineers, web operations engineers, IT professionals and system administrators
who have experience with the following:
Installing, configuring and administering network equipment
Managing web traffic and connectivity
Conventions
The following conventions were used in this manual:
Notation                 Example
Courier typeface         .ini file
                         Code listings, names of files, symbols, and directories are shown in Courier typeface.
Bold Courier typeface    install
Italics                  Note:
Bold Italics             Important:
Square Brackets          [version]
Angle Brackets           <username>
Bar                      les | les.out
When computer output listings are shown, an effort has been made not to break up the lines
when at all possible. This is to improve the clarity of the printout; for this reason, some listings
will be indented, and others will start at the left edge of the column.
Table of Contents
About This Document
Audience
Conventions
cls
configure
copy
delete
display
exit
export
gen
halt
help
history
import
install
list
ping
quit
reboot
reload
reset config
set activen
set admin audit
set admin cli
set admin email
set admin interface
set admin log
set admin netmask
set admin scp
set admin snmp
set admin snmp trap
set admin soap
set admin ssh
set admin syslog
set admin tcpdump
set admin telnet
set admin tftp
set admin tsdump
set admin upgrade
set admin vip
set admin webui
set boot
set cache <name>
set clock
set cluster <name> aaa audit
set cluster <name> aaa authentication
set cluster <name> apprule
set cluster <name> cache
List of Tables
Optional Features
add Options
add user Options
capture Options
clear activen Options
clear admin Options
clear authentication Options
clear cache <name> Options
clear cluster <name> Options
clear cluster <name> listen ssl clientauth Options
clear dns server Options
clear forwarder <name> Options
clear health remotehost Options
clear log Options
clear ntp server Options
clear redirector <name> Options
clear server Options
clear slb Options
clear user Options
clear vlan Options
copy Options
delete Options
display Options
export Options
gen Options
help Available Commands
import Options
list Options
set activen Options
set admin audit Options
set admin cli Options
set admin email Options
set admin interface Options
set admin log Options
set admin scp options
set admin snmp Options
set admin snmp trap Options
set admin soap Options
set admin ssh Options
set admin syslog Options
set admin tcp dump Options
set admin telnet Options
Chapter 1.
Introduction
This manual provides a complete reference for the Command Line interface. Commands are
provided alphabetically in UNIX Manual (man) page format, and each man page has the
following sections:
Purpose: the reason for using the command
Options: all options under this command
Notes: the context for using the commands and references to other commands that may be
related
Examples: annotated examples
At the back of the manual are three appendices:
Appendix A: Glossary
Appendix B: List of Events
Appendix C: Cipher Suites
For additional information regarding the context and usage of the command set, see the T|X Web
I/O Processor Installation and Administration Guide or the E|X Enterprise Application
Processor Installation and Administration Guide.
Note: The T|X Web I/O Processor and the E|X Enterprise Application Processor are
collectively referred to as the appliance in this manual.
If you have not yet entered the command write, you can revert to the configuration settings
that existed before changes were made by entering the command:
ex% reload
Set commands that control the state of the E|X or T|X unit take effect immediately without use of
the write command. These are:
Note: If you wish to preserve the configuration so that it becomes active again on the next bootup, you must follow these set commands with a write command.
Integer-only names are assigned when no name is specified. The lowest available integer is used for the assigned name. Example: if you add four clusters without names, the
clusters 1, 2, 3, and 4 will be created. If you then delete cluster 2, the remaining
cluster names will not change, leaving clusters 1, 3, and 4. If you then add another
cluster without a specified name, the assigned name will be 2, since this is the lowest available integer. This is referred to as filling the holes, and is different from the previous behavior, where after deleting cluster 2 the cluster numbers collapsed, leaving
clusters 1, 2, and 3, and the new cluster's number would then be 4. This is because
all clusters are now referred to by name instead of index.
The cluster name is included as part of the add command on a configuration export.
The sort order for display of clusters (including tab completion) mimics sort -n behavior. This sorts the names according to arithmetic value for any and all leading numeric values in a name. Example: 23www will be listed before 3abc, and 9 will be listed before 11.
As an additional assistance for identification and purpose of clusters, redirectors, and
forwarders, a description can be applied to individual Clusters. This description is limited to
512 characters and is expected to be free-form text but may not include newlines. This allows
administrators to fully describe the Cluster's usage, contact information, warnings, or any other
pertinent information deemed necessary.
Optional Features
Certain features within the Redline product line are optional (see Table 1-1). They are enabled
through the use of a license key. If you wish to enable any of these optional features, contact
your Redline Sales Representative.
Table 1-1
Optional Features
Available on
Feature
T|X
E|X
OverDrive
HTTP Authentication
(RADIUS, LDAP)
ActiveN
Y1
Browser Compression
3G Cache
For more information on the WebUI, see T|X Web I/O Processor Installation and
Administration Guide or the E|X Enterprise Application Processor Installation and
Administration Guide.
Chapter 2.
Administrative Rights
The Web I/O Accelerator Command Set allows different levels or classes of user access to
provide you with better management and user accountability. These levels of access increase as
needed to perform various management tasks. The objective of this feature is to differentiate:
Administrators vs. Operators
Network administration vs. Security administration
Administrative rights are for installations with IT organizations that have a clear responsibility
division between network and security functions. They are also valuable for installations that
need different levels of administrators and operators because each class of users can perform
certain tasks but not all tasks. In essence, this supports an organization that has dumb
operators vs. smart administrators.
How certain commands operate depends on the access rights a user has. He or she will get
different results depending on their class of user access. The following are the commands in this
category:
%show cluster; If a network_oper or network_admin performs a show cluster
command, he or she will not see the SSL information.
%show config
%display config
%import config
%export config; A user only gets to import/export the commands that he or she is
allowed to execute based on his/her access rights.
Access Classes
Access classes are grouped into three categories as follows:
Users
For the User class, interaction with the appliance is completely passive; nothing can be changed
on the appliance. Users can display information but not make any configuration or operational
state changes. This is useful for users in the Network Operations Center (NOC) that need to
view information on all devices, but not make any changes.
Operators
Operators have access to the management features used for daily operations, but operators are
not allowed to change any configurations. Operators can view information, make changes to the
state of services, and enable or disable target servers. Operators are not able to severely impact
appliance operation.
Administrators
Administrators are the only ones that are allowed to make permanent changes to the appliance
configuration. Only administrators can access functions to configure and troubleshoot problems
on the appliance.
Passwords
Access to the appliance is controlled by a unique username and password combination. The
characteristics of the username and password are:
The username and password are case-sensitive.
The length of the username is:
4 characters minimum
16 characters maximum
The length of the password is:
6 characters minimum
128 characters maximum
The word all is a reserved word and cannot be used as a username.
The username redline is a reserved word and is the default Administrator for the appliance.
A user may be assigned one or more Roles, as described in the section Roles below.
A user can be assigned more than one role.
You can have more than one user assigned to a role, including the Administrator.
Roles
These are the different roles that can be assigned to a user:
Administrator: administrator
A user with the role Administrator can execute all commands. There is a default
Administrator with the reserved name redline that cannot be deleted. During the initial setup,
the appliance prompts for the password for the administrator redline. Once you have logged
in as the Administrator redline, you can assign the Administrator role to other users. Only
the Administrator can set up user accounts for different levels of access.
Network Administrator: network_administrator
A user with the role Network Administrator can execute all commands, except SSL-related
features.
Network Operator: network_operator
A user with the role Network Operator can execute all read commands and enable or disable
the following:
Target Servers
State of services:
Server
Telnet
Web UI
SSH
SNMP
A user with the role Security Administrator can execute all SSL-related features only.
Security Operator: secure_operator
A user with the role Security Operator can execute all read commands for SSL features only.
User: user
A user with the role User can view all status information and statistics, but cannot make any
configuration changes or service state changes to the appliance. This is extremely useful for
customers with a Network Operations Center (NOC) that has operators that should only view
information about the appliances.
Administrative Management
Management of the appliance is subject to these limitations. For this discussion, the term user
does not refer to the access class User as previously defined, but rather a person that
administers the appliance.
Administrator Rights
Only the Administrator can create a user and define the roles for that user.
The Administrator can disable a user's access and delete the user completely.
The Administrator can also change the password of any user.
The Administrator can assign and clear roles.
Pressing the password reset button at the back of the appliance clears the password for
the default administrator redline.
Each user can change his/her own password using the existing %set password command, while logged in.
An alert event is sent when a user fails to log on in three consecutive attempts.
Passwords and user information are not exported as part of an export configuration
operation, but can be exported using the export user command. For detailed information on
the export commands, see export on page 69.
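The role split described in this chapter can be checked against an account list before roles are assigned. The following is an added example, not code from the manual or the appliance: it keys on the role titles used above, and the domain/action grid, the reading of the User role as read access to both domains, and the sample accounts are assumptions made for illustration.

```python
NETWORK, SSL, ACCOUNTS = "network", "ssl", "accounts"
READ, STATE, CONFIG = "read", "state", "config"


def _grid(domains, actions):
    """Every (domain, action) pair for the given domains and actions."""
    return {(d, a) for d in domains for a in actions}


# Role titles as written in the manual. The (domain, action) split is a
# simplification made for this example, not the appliance's own model.
GRANTS = {
    "Administrator": _grid((NETWORK, SSL, ACCOUNTS), (READ, STATE, CONFIG)),
    "Network Administrator": _grid((NETWORK,), (READ, STATE, CONFIG)),
    "Network Operator": _grid((NETWORK,), (READ, STATE)),
    "Security Administrator": _grid((SSL,), (READ, STATE, CONFIG)),
    "Security Operator": _grid((SSL,), (READ,)),
    # Assumption: "all status information" is read as both domains.
    "User": _grid((NETWORK, SSL), (READ,)),
}


def effective(roles):
    """Union of the rights of every role a user holds."""
    perms = set()
    for role in roles:
        if role not in GRANTS:
            raise ValueError(f"unknown role: {role!r}")
        perms |= GRANTS[role]
    return perms


def allowed(roles, domain, action):
    return (domain, action) in effective(roles)


def audit(accounts, default_admin="redline"):
    """Return (username, finding) pairs worth a second look."""
    findings = []
    for name, roles in sorted(accounts.items()):
        perms = effective(roles)
        if not roles:
            # Shown as (none) by the appliance; only very limited rights.
            findings.append((name, "no role assigned"))
        elif "Administrator" in roles:
            if name != default_admin:
                findings.append((name, "full Administrator"))
        elif (NETWORK, CONFIG) in perms and (SSL, CONFIG) in perms:
            # Holding both halves defeats the network/security split.
            findings.append((name, "network and SSL configuration combined"))
    return findings


# Constructed sample accounts (usernames kept within 4 to 16 characters).
SAMPLE_ACCOUNTS = {
    "redline": ["Administrator"],
    "ralph": [],
    "nocview": ["User"],
    "netops1": ["Network Operator"],
    "certmgr": ["Security Administrator"],
    "dualadm": ["Network Administrator", "Security Administrator"],
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{user}: {finding}")
```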
Chapter 3.
Command Reference
add
Purpose
Use the add command to create a new ActiveN blade, group, cluster, forwarder, redirector, user,
server load balancer, or a route.
Roles
add
Role
activen blade
activen group
cache
cluster
ether
floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
add
Role
forwarder
redirector
route
slb group
sync group
user
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-1 can be entered after the add command.
Table 3-1
add Options
Options
blade1
Value
Description
Adds a new ActiveN blade. An index
is returned.
See the ActiveN chapter of the In-
<real IP>
activen
group1 [name]
<ip:port>
Adds a new ActiveN group with optional name and VIP and port.
See the ActiveN chapter of the In-
Table 3-1
add Options
Options
Value
cache
cluster
ether
<name>
<name>
<id>
1
Description
subnet
<ip>
<netmask>
floatingvip
<ip>
forwarder
<name>
redirector
<name>
route
slb
group
<name>
<ip:port>
<name>
sync
group
<name>
user
<memberid>
<name>
Notes
The add user command takes effect immediately. The remainder of the commands do not take
effect until after a write operation.
Examples
add cluster marketing
Add a new cluster with the name marketing. The response will be:
tx2% add cluster marketing
Created cluster marketing
(*) tx2% add cluster marketing
Error: duplicate name marketing
You can then set the attributes of the cluster.
add cluster
Add a new cluster without a specified name; a default name will be assigned. The response
will be:
tx2% add cluster
Created cluster <default name>
(*) tx2%
You can then set the attributes of the cluster.
add forwarder
Add a new forwarder without a specified name. The response will be:
tx2% add forwarder
Created forwarder <default name>
(*) tx2%
You can then set the attributes of the forwarder.
add redirector webhost
Add a new redirector with the name webhost. The response will be:
tx2% add redirector webhost
Created redirector webhost
(*) tx2%
You can then set the attributes of the redirector.
add slb group natgroup 100.100.100.100:20
Adds a new Server Load Balancer group with the name natgroup. The response will be:
tx2% add slb group natgroup 100.100.100.100:20
Group natgroup added
(*) tx2%
add cache secureImages-01_01
Adds a 3G Cache named secureImages-01_01
tx2% add cache secureImages-01_01
Cache secureImages-01_01 added
(*) tx2%
add route
Purpose
add route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
to use.
The default is set to 255.255.255.255, which represents a host route.
Notes
None
Examples
add route 66.12.13.5 192.168.0.10
Adds a static route to the host 66.12.13.5 through gateway 192.168.0.10.
add route 66.12.13.0 192.168.0.10 255.255.255.0
Adds a static route to the network 66.12.13.0/24 through gateway 192.168.0.10.
add user
Purpose
Use the add user command to add a new user for managing the T|X or E|X.
Roles
Role
Admin
add user
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-2 can be entered after the add user command.
Table 3-2
Options
Description
<blank>
Adds a new user for managing the T|X or E|X. User name will be prompted.
<username>
Adds a new user for managing the T|X or E|X with the <username> specified. The user
name must be between four and sixteen characters long.
Notes
The user is added immediately after executing this command without using a write operation.
After adding the new user, you will need to assign a role, set the password, and enable the user
to complete the process. A new user without a role assigned will have very limited rights and
can only access the following commands:
%cls
%exit
%help
%history
%quit
%set password
%show cluster
%show commands
%show forwarder
%show hostname
%show redirector
%show servers
%show support
%show ua
%show version
%who
%whoami
The role of the new user as displayed by the commands %show user and %whoami is
(none).
Examples
add user ralph
Add a new user with the user name ralph. An example of the output is:
tx6% add user ralph
User ralph has been added. Please perform the following
to complete the addition of this user:
- set a password
- enable the user
- assign a role (optional)
add user
Adds a new user. The CLI will prompt for the user name.
capture
Purpose
Use the capture command to capture data entered on the screen into a file on the appliance.
This command is used to capture login banners, SSL keys or certificates, or license information
from the terminal into the appliance. Note that the roles required to execute the various capture
commands depend on what is being captured.
Roles
capture
Role
Admin
file
license
loginbanner
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-3 can be entered after the capture command.
Table 3-3
Options
file
capture Options
Value
<filename>
Description
Captures an SSL key or certificate from the terminal into
the appliance.
license
Installs the license key for the appliance. The source can
be the console, telnet, or SSH.
loginbanner
Notes
This operation is used for capturing login banners, SSL keys, SSL Certificates, and the license
key for the appliance into a file. To capture the file, you paste the contents of the file into the
console and then end the file with a period on a blank line.
The login banner allows for some print-style substitutions, as follows:
%h    hostname
%d    date
%s    system (Redline Networks)
%v    product version
%b    product build id
%%    show the percent character
When the banner display encounters one of these substitution strings, it extracts the information
from the appropriate place in the operating system and displays it. This information cannot be
changed by the user.
Note: You can put HTML in your login banner, and it will display correctly on the
WebUI. However, the appliance does not parse out HTML code when displaying the
banner on the Command Line Interface, so the HTML code will be displayed along
with the desired banner.
Examples
capture file my_key
Start by capturing an SSL Key from the terminal and name it my_key. You will need to
paste the content of the file and end the file with a period on a blank line. An example of the
output is:
2200% capture file my_key
Enter file. End with period on a blank line.
-----BEGIN CERTIFICATE-----
-----END CERTIFICATE-----
.
2200% list file
democert
demokey
my_key
capture license
Installs the license key for the appliance by capturing the license key text. The key text either
can be typed in or pasted from the console, telnet, or SSH.
capture loginbanner
Unauthorized access to or use of this system is prohibited.
All access and use may be monitored and recorded.
.
Sets the login banner to: Unauthorized access to or use of this system is prohibited.
All access and use may be monitored and recorded.
hostname: tx5.redlinenetworks.com
date: Tue Jul 20 19:18:32 PDT 2004
system: Redline
version: 3.3.7
build id: 0
Sets the login banner to show critical parameters.
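A banner can be checked offline before it is pasted into capture loginbanner. This added example is not the appliance's code: it expands the substitution codes from the Notes in a single pass and flags the two pitfalls described there, a lone period (which ends capture) and HTML markup (shown raw on the CLI). The template and the pass-through of unknown codes are assumptions; the sample values are taken from the output shown above.

```python
import re

# Codes and meanings as listed in the manual's capture notes.
FIELDS = {"h": "hostname", "d": "date", "s": "system",
          "v": "version", "b": "build_id"}
TOKEN = re.compile(r"%(.)")
HTML_TAG = re.compile(r"</?[A-Za-z][^>]*>")


def expand_banner(template, info):
    """Expand the substitution codes in one left-to-right pass.

    A single pass matters: "%%h" must yield the literal text "%h",
    not a percent sign followed by the hostname.
    """
    def repl(match):
        code = match.group(1)
        if code == "%":
            return "%"
        if code in FIELDS:
            return str(info[FIELDS[code]])
        # Assumption: the manual does not say what happens to unknown
        # codes, so they are passed through unchanged here.
        return match.group(0)
    return TOKEN.sub(repl, template)


def lint_banner(template):
    """Return warnings to review before pasting a banner into capture."""
    warnings = []
    # capture stops reading at a period on a line by itself, so such a
    # line inside the banner would cut the banner short. Surrounding
    # whitespace is ignored here to stay on the cautious side.
    for number, line in enumerate(template.splitlines(), start=1):
        if line.strip() == ".":
            warnings.append(f"line {number}: lone period ends capture early")
    if HTML_TAG.search(template):
        warnings.append("HTML markup will be shown as raw text on the CLI")
    for match in TOKEN.finditer(template):
        code = match.group(1)
        if code != "%" and code not in FIELDS:
            warnings.append(f"unknown substitution %{code}")
    return warnings


# Values copied from the banner output shown in the manual.
INFO = {
    "hostname": "tx5.redlinenetworks.com",
    "date": "Tue Jul 20 19:18:32 PDT 2004",
    "system": "Redline",
    "version": "3.3.7",
    "build_id": "0",
}
# Assumed template that would produce that output (not shown on the page).
TEMPLATE = "hostname: %h\ndate: %d\nsystem: %s\nversion: %v\nbuild id: %b"

if __name__ == "__main__":
    print(expand_banner(TEMPLATE, INFO))
    for warning in lint_banner("<b>Authorized use only</b>\n.\nload %q"):
        print("warning:", warning)
```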
clear activen
Purpose
Use the clear activen commands to clear ActiveN server settings. This includes resetting the
member IP Address or statistics for a group, and removing a complete ActiveN Group. This
command can also be used to disassociate a blade from a group, or clear the statistics for a
blade.
Roles
Role
clear activen
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-4 can be entered after the clear activen command.
Table 3-4
Options
Value
blade
<ip | all>
failover
bindaddr
group
<none | all>
Description
stats
blade
<ip | all>
stats
stats
Notes
clear admin
Purpose
Use the clear admin command to clear administrative settings such as TFTP, SCP, syslog,
E-mail, interface, TSDump, TCPDump, and logging.
Roles
Role
clear admin
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-5 can be entered after the clear admin command.
Table 3-5
Options
email
Value
Description
defaultmailto
interface
log
scp
snmp
syslog
tcpdump
tftp
tsdump
mailto1
mailto2
syslog
server
username
trap host
1|2
facility
host1
host2
mailto1
mailto2
server
mailto1
mailto2
Notes
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-6 can be entered after the clear authentication command.
Table 3-6
Options
cache
Description
Clears the authentication cache.
Notes
The settings made by this command will only take effect after a write operation.
Examples
clear cache
Purpose
Use the clear cache <name> command to clear statistics or cache objects for the named cache.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-7 can be entered after the clear cache command.
Table 3-7
Options
Value
Description
<blank>
stats
Notes
The settings made by this command will only take effect after a write operation.
Examples
clear cache secureImages stats
Clears the statistics for the named cache.
clear cache secureImages
Clears all objects and statistics from the named cache.
Use the clear cluster <name> command to clear cluster options, or the certfiles, passwords,
and the keyfiles associated with the SSL traffic of a listener or target.
Roles
clear cluster <name>
Role
aaa authentication
apprule
cache
description
health
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
clear cluster <name>
Role
Admin
listen
target host
target localip
target ssl
weblog
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-8 can be entered after the clear cluster <name> command.
Table 3-8
Option
Value
ldap
base-dn
gid
server N ip
ssl
aaa
authentication
cacertfile
uid
server N ip
Clears the IP address of the Radius server for the cluster. N is either 1 or 2.
server key
radius
realm
Description
Table 3-8
Option
aaa
authentication
apprule
Value
redirect
Description
host
protocol
url
response text
ruleset
cache
description
health
listen
size
string
ssl
certfile
clientauth 1
ephkeyfile
ephkeypass
keyfile
keypass
stats
<ip:port>
all
<ip>
target
certfile
keyfile
keypass
copy time
<1 | 2 | 3>
scp
keyfile
host
ssl
batch
weblog
syslog
1. This command is only available on the E|X Enterprise Application Processor product line.
Notes
None
Examples
clear cluster 1 listen ssl certfile
Clears the certfile for listen traffic on the cluster.
clear cluster 1 health string
Clears the string to check for content health checking.
clear cluster 1 apprule ruleset
Clears the apprule ruleset for Cluster 1.
Use the clear cluster <name> listen ssl clientauth command to clear out a CA cert file, CA
CRL file, or a CA trusted certificate. This feature is only available on the E|X Enterprise
Application Processor product line.
Use the clear cluster <name> listen ssl ephkeyfile and clear cluster <name> listen ssl
ephkeypass commands to clear out an ephemeral key file name and ephemeral key password.
This feature is available on both the T|X Web I/O Processor and the E|X Enterprise Application
Processor.
Roles
clear cluster <name>
listen ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-9 can be entered after the clear cluster <name> listen ssl
command.
Table 3-9
clientauth
Description
1
Clears the value of the certificate file, making this field empty.
cacertfile 1
Clears the value of the CA certificate file, making this field empty.
cacrflfile 1
Clears the value of the CA CRL file, making this field empty.
catrustfile 1
Clears the value of the CA trusted file, making this field empty.
ephkeyfile
ephkeypass
keyfile
keypass
Clears the listen-side SSL keypass (pass phrase) for the cluster.
1. This feature is only available on the E|X Enterprise Application Processor product line.
Notes
None
Example
clear cluster 1 listen ssl clientauth cacertfile
Clears the CA certificate file for listen traffic on cluster 1.
Use the clear dns server command to clear a specific DNS server or all DNS server settings.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-10 can be entered after the clear dns server command.
Table 3-10
Options
Description
all
Notes
None
Examples
clear dns server 1
Clears DNS server 1.
clear dns server all
Clears all DNS servers.
Use the clear forwarder <name> command to remove the target hosts from the forwarder.
Use the clear forwarder <name> target host command to remove a target host from the
forwarder.
Roles
clear forwarder <name>
Role
description
name
listen
stats
target
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-11 can be entered after the clear forwarder <name> command.
Table 3-11
Options
Value
Description
Clears a description associated with a forwarder. For more information, see set forwarder <name> on page 165.
description
listen
ssl
certfile
clientauth
ephkeyfile
ephkeypass
keyfile
keypass
Clears the listen-side SSL keypass (pass phrase) for the forwarder.
stats
target
<ip: port>
all
localip <ip>
target
ssl
keyfile
keypass
Clears the target-side SSL keypass (pass phrase) for the forwarder.
Notes
None
Examples
clear forwarder 1 target host 10.10.10.10:80
Clears all target settings for host 10.10.10.10.
clear forwarder 1 target host all
Clears the settings for all target servers.
Use the clear health remotehost command to remove an IP address from Connectivity
Failover health check.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-12 can be entered after the clear health remotehost command.
Table 3-12
Option
Value
host
[ip]
Description
Removes an IP address from Connectivity Failover health check.
Notes
None
Examples
None
clear log
Purpose
Use the clear log command to clear entries from the Audit, System, and Apprule logs.
Roles
clear log
Role
audit
system
apprule
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-13 can be entered after the clear log command.
Table 3-13
Options
Description
apprule 1
audit
system
1. This feature is only available on an E|X Enterprise Application Processor with an OverDrive license.
Notes
None
Examples
None
Use the clear ntp server command to clear a specific NTP server or all NTP servers.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-14 can be entered after the clear ntp server command.
Table 3-14
Options
Description
all
Notes
None
Examples
clear ntp server 1
Clears NTP server 1.
clear ntp server all
Clears all NTP servers.
Use the clear redirector <name> command to clear out redirector options, or the certfiles,
passwords, and keyfiles associated with the SSL traffic of a redirector. This feature is only
available on the E|X Enterprise Application Processor product line.
Roles
Role
clear redirector
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-15 can be entered after the clear redirector <name> command.
Table 3-15
Options
Value
customURL
description
host
listen
certfile
clientauth
ephkeyfile
ephkeypass
keyfile
keypass
ssl
stats
Notes
None
Description
Examples
clear redirector 1 listen ssl certfile
Clears certfiles for listen traffic on the redirector.
clear redirector 1 customURL
Clears the custom URL string for the redirector.
clear server
Purpose
Use the clear server command to clear server statistics or a custom IP log header.
Roles
clear server
Role
customiplogheader
reversepath
stats
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-16 can be entered after the clear server command.
Table 3-16
Options
Value
Description
customiplogheader
Clears the HTTP header for reporting client IPs to the target server.
reversepath
entry
<ip | all>
stats
Notes
None
Examples
clear server stats
Clears all server statistics, including I/O, HTTP, and SSL statistics of the server.
clear server customiplogheader
Clears a server's custom IP log header.
clear slb
Purpose
Use the clear slb command to clear parameters related to the internal Server Load Balancer.
Roles
clear slb
Role
group
stats
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-17 can be entered after the clear slb command.
Table 3-17
Value
Description
Clears all parameters for the Failover
mechanism.
failover
stats
group
<name | all>
targethost
stats
<blank>
stats
Notes
The clear slb group <name> targethost command will only take effect after a write operation.
All others take effect immediately.
Examples
clear slb stats
Clears server-wide SLB statistics.
clear slb group1 target host all
Removes all target hosts from group1.
Use the clear sync group command to clear a synchronization group for configuration
synchronization.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The settings made by this command will only take effect after a write operation.
Examples
None
clear user
Purpose
Use the clear user command to remove one or more roles from a user.
Roles
Role
clear user
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-18 can be entered after the clear user command.
Table 3-18
Options
<username>
all
Value
role
role
Description
<role1 role2...>
<role1 role2...>
Notes
This command will not modify the default redline user or the user with the administrators
role who is making the changes.
Examples
clear user bmartino role administrator
Removes the administrator role from the user bmartino.
clear user bmartino role administrator security_administrator
Removes the administrator and security_administrator roles from user bmartino.
clear vlan
Purpose
clear vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-19 can be entered after the clear vlan command.
Table 3-19
Options
Value
Description
all
default
ip
<ip | all>
Clears the assignment of a VLAN tag to all the packets going from or to this IP address or all addresses.
range
<startip-endip | all>
tag
<tag>
Notes
The settings made by this command will only take effect after a write operation.
Examples
clear vlan id 192.168.10.100
Clears the assignment of a VLAN tag to all the packets going to or from the IP address
192.168.10.100.
clear vlan range 192.168.10.100-192.168.10.200
Clears the assignment of VLAN tags to all the packets going to or from the range of IP addresses 192.168.10.100 to 192.168.10.200.
cls
Purpose
cls
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
cls
Clears the screen.
configure
Purpose
configure
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
configure
Reruns the configuration walk-through.
copy
Purpose
Use the copy command to copy configurations, files, and captured TCPDump information.
Roles
copy
Role
config
file
tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
X
X
Options
The options shown in Table 3-20 can be entered after the copy command.
Table 3-20
Options
copy Options
Value
Description
Use copy config to:
Copy configurations from the appliance to a remote location or from a remote
location to the appliance via TFTP or SCP.
Display the CLI commands needed to re-create the configuration on the terminal screen.
Reset the configuration to factory defaults.
config
<src>
<dst>
Use copy file to:
Display the contents of the file on the terminal screen
Capture a SSL key or certificate as a file onto the appliance
file
<src>
<dst>
tcpdump
Use copy tcpdump to send the TCPDump information via E-mail, SCP, or
TFTP as configured in the TCPDump destination using the command:
set admin tcpdump transport [scp|tftp|smtp]
Notes
Examples
copy tcpdump
Copies a previously captured TCPDump to a remote location via configured destinations,
such as TFTP, SCP, or E-Mail.
copy config memory tftp://mytftpserver.domain.com/tx_config
Exports TX configuration to an external host named mytftpserver.domain.com using the
filename tx_config.
copy config scp://myscpserver.domain.com/tx_config memory
Imports a TX configuration from an external host named myscpserver.domain.com using the
filename tx_config into memory.
copy config tftp://mytftpserver.domain.com/tx_config memory
Imports a TX configuration from an external host named mytftpserver.domain.com using the
filename tx_config into memory.
copy config memory terminal
Dumps all commands needed to re-create the configurations onto the screen.
copy config factory memory
Resets the appliance to factory settings.
copy file terminal mycert
Captures information that you type on the screen into a file called mycert. For example, use this
to import an SSL certificate or key into the appliance.
copy file democert terminal
Displays the content of the file democert on the screen.
delete
Purpose
Use the delete command to delete clusters, forwarders, redirectors, routes, configurations, files,
login banners, server load balancers, and users.
Roles
delete
Role
activen
cache
cluster
config
ether
file
floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
delete
forwarder
login
banner
redirector
route
slb
group
sync
group
user
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-21 can be entered after the delete command.
Table 3-21
delete Options
Options
Value
Description
blade
group
<name | all>
activen1
cache
<name>
<cluster name>
all
config
<saved_config>
ether
<id>
cluster
subnet
<ip>
<netmask>
file
<filename>
Deletes a floating VIP.
<forwarder name>
all
loginbanner
all
route
<id | all>
Deletes the specified route. Show route provides the route number (id).
slb group
<name | all>
Deletes a Server Load Balancer group specified by name. Using all will delete all SLB
groups.
<name>
redirector
member
<memberid>
Removes a member from the synchronization group. <memberid> is either <hostname:port> or <ip:port>.
all
<user_name>
all
user
Notes
The settings made by this command will only take effect after a write operation.
Examples
delete cluster all
Deletes all clusters from the appliance configuration.
delete cluster 2
Deletes cluster 2.
delete forwarder all
Deletes all forwarders from the appliance configuration.
display
Purpose
Use the display command to display either the CLI commands required to create the current
configuration or contents of a file.
Roles
display
Role
config
file
loginbanner
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-22 can be entered after the display command.
Table 3-22
display Options
Options
Value
config
file
Description
<filename>
loginbanner
Displays the banner in its raw form. Substitution strings are shown
in their normal form (%h) instead of the substitution form (hostname).
users
Notes
None
Examples
display config
Displays the current working configuration.
display file my_ssl_key
Displays the contents of the SSL key named my_ssl_key.
display users
Displays the commands needed to recreate the user accounts:
# Redline Config Version 3.1
add user admin1
add user network_admin1
add user secure_admin1
add user network_oper1
add user secure_oper1
add user user1
set user redline password .l/IprUWmZsLw
set user admin1 password $1$btxql$IW7LnNDoRveFGYc5Xk.j4.
set user admin1 role administrator
set user network_admin1 password $1$OvDCI$Rsyx648FMA.6aeYocjNkn0
set user network_admin1 role network_administrator
set user secure_admin1 password $1$C..S4$5UshV3.tQDDJ20PLLGvAl/
set user secure_admin1 role security_administrator
set user network_oper1 password $1$HqVyR$7nnLOouu7LV7y.C3IUAn9/
set user network_oper1 role network_operator
set user secure_oper1 password $1$LxjHg$VoYh7rio7q.Lfsl.vrwGe0
set user secure_oper1 role security_operator
set user user1 password $1$iYjOi$LiguOtuaOWbMrHSVNpq7e0
set user user1 role user
set user redline enabled
set user admin1 enabled
set user network_admin1 enabled
set user secure_admin1 enabled
set user network_oper1 enabled
set user secure_oper1 enabled
set user user1 enabled
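The listing above exposes each account's password hash, and the configuration commands in this reference expose other reviewable settings. The following is an added example, not part of the Redline manual: a small auditor for saved CLI dumps in this line format. The sample dump, its placeholder hashes, and the choice of which settings to flag are assumptions made for illustration.

```python
import re

# Constructed sample in the line format of the manual's `display users` and
# configuration listings. The hashes are made-up placeholders, not real ones.
SAMPLE_DUMP = """\
# Redline Config Version 3.1
add user admin1
add user oper1
set user redline password ab0123456789.
set user admin1 password $1$saltsalt$0123456789abcdefghijkl
set user admin1 role administrator
set user oper1 password not-a-crypt-string
set user oper1 role network_operator
set admin snmp community name public
set admin upgrade transport tftp
set admin audit showcmd disabled
set admin cli sessionexpiretime 0
set user redline enabled
set user admin1 enabled
"""

_B64 = r"[./0-9A-Za-z]"  # crypt(3) alphabet
MD5_CRYPT = re.compile(rf"\$1\${_B64}{{1,8}}\${_B64}{{22}}")
DES_CRYPT = re.compile(rf"{_B64}{{13}}")

# Commands documented in this reference whose presence deserves a review.
# Which ones to flag is this example's assumption, not the manual's advice.
RISKY_SETTINGS = [
    (r"set admin snmp community name public",
     "SNMP community is the well-known default 'public'"),
    (r"set admin (upgrade|tcpdump) transport tftp",
     "TFTP transfer has no authentication or encryption"),
    (r"set admin audit showcmd disabled",
     "show commands are not recorded in the audit trail"),
    (r"set admin cli sessionexpiretime 0",
     "CLI sessions never expire"),
]

HASH_NOTES = {
    "des-crypt": "traditional DES crypt: password truncated to 8 chars, 12-bit salt",
    "md5-crypt": "MD5-crypt ($1$): deprecated scheme, handle the dump as a secret",
    "unrecognized": "password field is not a recognized crypt(3) format",
}


def classify_hash(value):
    """Name the crypt(3) scheme of a `set user ... password` value."""
    if MD5_CRYPT.fullmatch(value):
        return "md5-crypt"
    if DES_CRYPT.fullmatch(value):
        return "des-crypt"
    return "unrecognized"


def parse_users(dump):
    """Collect scheme, roles and enabled state per user from a dump."""
    users = {}
    for raw in dump.splitlines():
        parts = raw.split()
        if len(parts) < 3 or parts[1] != "user" or parts[0] not in ("add", "set"):
            continue
        rec = users.setdefault(
            parts[2], {"scheme": None, "roles": set(), "enabled": False})
        if parts[0] == "set" and len(parts) >= 4:
            if parts[3] == "password" and len(parts) == 5:
                rec["scheme"] = classify_hash(parts[4])
            elif parts[3] == "role":
                rec["roles"].update(parts[4:])
            elif parts[3] == "enabled":
                rec["enabled"] = True
    return users


def audit(dump):
    """Return a sorted list of (subject, finding) tuples for a config dump."""
    findings = []
    for raw in dump.splitlines():
        line = raw.strip()
        for pattern, note in RISKY_SETTINGS:
            if re.fullmatch(pattern, line):
                findings.append((line, note))
    for name, rec in parse_users(dump).items():
        if rec["scheme"] is not None:
            state = "enabled" if rec["enabled"] else "not enabled"
            findings.append((f"user {name} ({state})", HASH_NOTES[rec["scheme"]]))
    return sorted(findings)


if __name__ == "__main__":
    for subject, finding in audit(SAMPLE_DUMP):
        print(f"{subject}: {finding}")
```

Because the dump carries the hashes themselves, files produced by display users or export users should be stored and transferred with the same care as the passwords.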
exit
Purpose
exit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
export
Purpose
Use the export command to export configurations and user accounts from the appliance to a
remote server via TFTP or SCP.
Roles
export
Role
config
log
ruleset
snapshot
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-23 can be entered after the export command.
Table 3-23
export Options
Options
config
Value
Description
Exports a configuration from the appliance to a remote location via TFTP or
SCP.
<dst>
apprule 1
<dst>
Exports the apprule event log from the appliance to a remote location via
SCP (only).
audit
<dst>
Exports the audit event log from the appliance to a remote location via SCP
(only).
system
<dst>
Exports the system event log from the appliance to a remote location via
SCP (only).
ruleset 1
<src>
<dst>
Exports the OverDrive AppRule rule set from the appliance to a remote
location via TFTP or SCP.
snapshot
system
<dst>
users
<dst>
log
Exports user accounts from the appliance to a remote location via TFTP or
SCP.
1. This feature is only available on an E|X Enterprise Application Processor with an OverDrive license.
Notes
and
set admin scp server <servername>
Examples
export config tftp://192.168.40.228/tx_config
Exports the configuration from the appliance to the TFTP server with an IP address of
192.168.40.228 and names the configuration file tx_config.
export log scp://192.168.40.228/tx_log
Exports the event log from the appliance to the SCP server with an IP
address of 192.168.40.228, using the file named tx_log.
export log audit scp://192.168.40.228/audit
Exports the audit trail from the appliance to the SCP server with an IP
address of 192.168.40.228, using the file named audit.
export ruleset <name> tftp://192.168.40.228/ruleset
Exports the OverDrive Application Rules ruleset from the appliance to the TFTP server with
an IP address of 192.168.40.228, using the file named ruleset.
gen
Purpose
Use the gen command to generate an SSL private key, an SSL certificate signing request, or an
SSL self-signed certificate.
Roles
Role
Admin
gen
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-24 can be entered after the gen command.
Table 3-24
gen Options
Options
Value
Description
cac
csr
<key file>
key
<key file>
ssc
<key file>
<csr file>
Notes
You will be prompted for such information as country, state, department, etc. for the certificate.
Refer to the Setting up T|X (or E|X) for SSL Traffic chapter of the Installation and
Administration Guide.
Examples
gen key
Generates an SSL private key.
gen ssc my_key my_ssc
Generates an SSL self-signed certificate. The input is the SSL private key, my_key and the
output is an SSL Self-signed Certificate, my_ssc.
halt
Purpose
The halt command provides you with a graceful mechanism for powering down the appliance.
The file system is mounted with read/write capabilities, and shutting the appliance down using
the halt command reduces the possibility of file system corruption.
Roles
Role
halt
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
After you type in the halt command, a confirmation message will be displayed:
Warning: This device will now shutdown.
Are you sure you want to continue (y/n)? [n] y
Shutting Down. Please wait 30 seconds before unplugging the
power cord once the appliance is halted.
Examples
None
help
Purpose
help
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
As shown in Table 3-25, you will receive a list of the top high-level commands.
Table 3-25
add
exit
list
ssldump
capture
export
ping
tcpdump
clear
gen
quit
tsdump
cls
halt
reboot
upgrade
configure
help
reload
wall
copy
history
reset
who
delete
import
set
whoami
display
install
show
write
If you then type help in conjunction with a command that has a sub-command, you will receive
a list of all sub-commands.
Example
help set
Displays a list of all the set sub-commands:
activen
admin
boot
clock
cluster
dns
ether
forwarder
hostname
ntp
password
redirector
route
server
timezone
user
history
Purpose
history
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
history
Displays the command history:
tx% history
[0] set admin snmp community ip 192.168.40.01
[1] set admin snmp community ip 192.168.40.0
[2] write
[3] set admin snmp trap host 1 version 2
[4] reload
[5] show admin snmp
[6] set cluster 1 target host 10.0.81.60:80 enabled
[7] write
[8] show admin snmp
[9] show version
[10] show version
[11] show cluster 1
[12] show cluster 1 stats
[13] show cluster 1
[14] show user admin1
[15] show user network_admin1
[16] show user secure_admin1
[17] show user network_oper1
[18] show user secure_oper1
[19] show user user1
[20] show version
[21] display users
import
Purpose
Use the import command to import configurations and user accounts to the appliance via TFTP
or SCP.
Roles
import
Role
config
license
ruleset
system
users
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-26 can be entered after the import command.
Table 3-26
import Options
Options
Value
Description
config
<src>
license
<src>
ruleset 1
<src>
<src>
<src>
snapshot
users
system
1. This feature is only available on an E|X Enterprise Application Processor with an OverDrive license.
Notes
The import config and import license commands require a write operation in order to have
the changes take effect. In addition, export config operations do not export user accounts. Use
export users to export user accounts.
The import users command takes effect immediately, and does not require a write operation.
The import ruleset command takes effect immediately, and does not require a write operation.
The ruleset is checked for correct syntax and then saved on the device.
It is important to note that the SSL keys and certificates are not exported during an export
config operation. When importing a configuration, you must either make sure that the required
SSL keys and certificates are already installed on the appliance, or install them before use.
Examples
import config tftp://192.168.40.228/tx_config
write
Imports a configuration named tx_config from the TFTP server with an IP address of
192.168.40.228.
import config scp://192.168.40.228/tx_config
write
Imports a configuration named tx_config from the SCP server with an IP address of
192.168.40.228.
import ruleset scp://192.168.40.228/my_ruleset
write
Imports a ruleset named my_ruleset from the SCP server with an IP address of
192.168.40.228.
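Because export config leaves out SSL keys and certificates, an imported configuration can reference files that are not on the appliance. The following is an added example, not part of the Redline manual: it compares the SSL file names referenced in a saved configuration with the output of list file. The set ... ssl <option> <filename> syntax is assumed to mirror the clear options documented in this reference, and both sample inputs are constructed.

```python
import re

# Assumed syntax (mirrors the documented `clear` options):
#   set <cluster|forwarder|redirector> <name> <listen|target> ssl [clientauth] <...file> <filename>
# Constructed sample configuration; file names are illustrative.
SAMPLE_CONFIG = """\
set cluster 1 listen ssl certfile democert
set cluster 1 listen ssl keyfile demokey
set cluster 1 listen ssl keypass ********
set cluster 1 target ssl certfile backend_cert
set forwarder 1 listen ssl keyfile fwd_key
set redirector 1 listen ssl certfile democert
set cluster 1 target host 10.0.81.60:80 enabled
"""

# Constructed sample in the format of the manual's `list file` example.
SAMPLE_LIST_FILE = """\
2200% list file
democert
demokey
"""

# Matches only options whose name ends in "file" (certfile, keyfile,
# ephkeyfile, clientauth CA files); keypass and ephkeypass are skipped.
SSL_FILE_REF = re.compile(
    r"set (cluster|forwarder|redirector) (\S+) (listen|target) ssl "
    r"(?:clientauth )?(\w*file) (\S+)"
)


def installed_files(list_file_output):
    """Return the set of file names shown by `list file`, minus the prompt echo."""
    names = set()
    for raw in list_file_output.splitlines():
        line = raw.strip()
        if not line or line.endswith("% list file"):
            continue
        names.add(line)
    return names


def referenced_files(config_text):
    """Map each referenced SSL file name to the commands that use it."""
    refs = {}
    for raw in config_text.splitlines():
        line = raw.strip()
        match = SSL_FILE_REF.fullmatch(line)
        if match:
            refs.setdefault(match.group(5), []).append(line)
    return refs


def missing_files(config_text, list_file_output):
    """Return {filename: [commands]} for files the config needs but the box lacks."""
    present = installed_files(list_file_output)
    return {name: cmds
            for name, cmds in referenced_files(config_text).items()
            if name not in present}


if __name__ == "__main__":
    for name, cmds in sorted(missing_files(SAMPLE_CONFIG, SAMPLE_LIST_FILE).items()):
        print(f"missing {name}: needed by {len(cmds)} command(s)")
        for cmd in cmds:
            print(f"  {cmd}")
```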
install
Purpose
Use the install command to download and install new firmware to the non-active partition.
Roles
Role
Admin
install
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The install procedure preserves the current version of the firmware and downloads the
firmware to the non-active partition. The TFTP or SCP server and the filename to install from
must be set as:
set admin tftp server <tftp server> or
set admin scp server <scp server>
set admin upgrade filename <pac file filename>
If your active partition is currently partition 1, the install command will install the new
firmware into partition 2. This lets you test the new firmware and revert to the original firmware
stored in partition 1, if required.
The install operation will preserve the following information:
SSH keys
User names and passwords for the administrative users
Generated certificates
Network settings, including static routes
AppRule rulesets (on appliances that have an OverDrive license)
The install operation also allows the option to preserve the following configuration settings. On
first boot to a new partition, you can choose to import these configuration settings:
Telnet
SSH
SNMP
Web UI
After the import operation, you will be prompted to save the configurations using the write
operation. Admin services (e.g., server, WebUI, SSH, etc.) will also be prompted to start
accordingly, based on their state before the install operation was executed.
Example
install
Installs new firmware to the non-active partition. After running install, setting the boot partition, and then rebooting, there are four questions that are asked during the first login. Those
questions are:
Would you like to import your users? (y/n)? [y]
Would you like to import your previous configuration? (y/n)? [y]
Would you like to save your imported configuration? (y/n)? [y]
Would you like to restart your services? (y/n)? [y]
These are discussed in detail in the Installation and Administration Guide.
This is an example of the entire login sequence, answering yes to the four questions.
Would you like to import your users? (y/n)? [y] y
set user redline password $1$Hvm8g$9aBReiOCaf/mCT96mVF2h/
set user redline enabled
Would you like to import your previous configuration? (y/n)? [y]
copy config factory memory
set dns domain redlinenetworks.com
set dns server 1 192.168.0.2
set ether 0 ip 10.0.71.100
set ether 0 media autoselect
set ether 0 mtu 1500
set ether 0 netmask 255.255.255.0
set ether 1 ip 10.10.1.2
set ether 1 media 100baseTX full-duplex
set ether 1 mtu 1500
set ether 1 netmask 255.255.255.0
set hostname tx70.redlinenetworks.com
set route default 10.0.71.1
set timezone America/Los_Angeles
set ntp server 1 192.168.0.2
set admin syslog facility LOG_USER
set admin syslog port 514
set admin tftp server qa
set admin upgrade filename ex3200/install/RLS_4_0_0.pac
set admin upgrade transport tftp
set admin audit showcmd disabled
set admin netmask 255.255.255.255
set admin log memory ALERT
set admin snmp community ip 192.168.0.0
set admin snmp community name public
list
Purpose
Use the list command to display a list of user files on the appliance.
Roles
Role
list
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-27 can be entered after the list command.
Table 3-27
list Options
Options
Description
config
file
Displays the list of user files (certs and keys) stored on the appliance.
Notes
None
Examples
list file
An example of the output is:
2200% list file
democert
demokey
list config
An example of the output is:
2200% list config
Factory
my_config
abc
ping
Purpose
ping
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
This command is typically used in troubleshooting and during installation. Common tasks are
to ping the target host or the default gateway to verify that the configuration used at the time of
installation was correct.
Examples
ping 191.68.44.32
Pings another network node.
ping foobar.com
Pings via the DNS name. Make sure that DNS resolution is set up on the appliance.
quit
Purpose
quit
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
reboot
Purpose
reboot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
tx% reboot
Warning: This device will now reboot.
Are you sure you want to continue (y/n)? [n]
Reboots the appliance.
reload
Purpose
Use the reload command to back out your configuration changes before a write operation.
Roles
Role
reload
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This is an alternative to write, which saves configuration changes; reload reverts back to the
previous configuration and discards all changes since the last write.
Example
reload
Reloads the current configuration, discarding all
changes made since the last write.
reset config
Purpose
Use the reset config command to reset the appliance to factory settings.
Roles
Role
Admin
reset config
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command brings the appliance back to the default values set by the factory. Connectivity
will be lost if you are connected to the appliance remotely. You will need to set the appropriate
network settings prior to the write operation should you want to have remote access after the
reset config and write operations.
You do not have to perform a write operation after the reset config command to have the
changes take effect. Instead, a warning message will be displayed as follows:
tx% reset config
Executing this command will reset all configurations, including
network settings. If you continue, you will need to connect to the
console (serial) port to access the box again.
Are you sure you want to continue (y/n)? [y]
You must confirm the command to perform the reset config operation. Resetting the appliance
to factory default settings will not delete all user accounts. You should use the command delete
user all to delete all user accounts.
Example
tx% reset config
Executing this command will reset all configurations, including network settings. If you continue,
you will need to connect to the console (serial) port
to access the box again.
Are you sure you want to continue (y/n)? [y]
Resets all settings to factory defaults.
set activen
Purpose
Use the set activen command to enable or disable the ActiveN feature or to change ActiveN
parameters.
Roles
set activen
set activen
group <name> sticky
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-28 can be entered after the set activen command.
Table 3-28
Value
Description
burst_max
<number>
policy
<leastconn|
roundrobin>
Sets the switching policy to round robin or Least Connection. (Default = round robin)
reset client
reset server
advanced
<seconds>
Enables or disables the ActiveN feature. When disabled is selected, the switch is stopped and all configuration information is deleted (only from the kernel,
not from the configuration file). (Default = disabled)
[disabled | enabled]
[disabled | enabled]
bindaddr
<ip>
Used to set the bind address for the failover mechanism. (Default = Not configured)
forcemaster
mcastaddr
<ip>
nodeid
port peer
<port>
failover
vmac
<name>
<id>
[disabled |
enabled]
timeout
sticky
group
<name|all>
interval down
<seconds>
The healthcheck options set the time duration between two health checks. This interval differs
according to the status of the blades.
The amount of time that a blade must be unresponsive before it is taken out of rotation.
(Default = 20 seconds)
interval syn
<seconds>
interval up
<seconds>
maxtries
<number>
src_ip
<ip>
healthcheck
max_blades
ackwait
<seconds>
active
<seconds>
closewait
<seconds>
session timeout
Notes
Use the set admin audit command to enable or disable the logging of show commands in the
audit trail.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-29 can be entered after the set admin audit command.
Table 3-29
Option
showcmd
Description
Enables or disables logging show commands entered on the CLI in the audit trail.
Notes
The settings made by this command will only take effect after a write operation. The show
commands will only be logged once a write operation has been performed.
Example
set admin audit showcmd enabled
Enables the logging of show commands entered on the CLI to the audit trail.
Use the set admin cli command to change settings for the Command Line Interface (CLI).
Roles
set admin cli
Role
sessionexpiretime
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-45 can be entered after the set admin cli command.
Table 3-30
Options
sessionexpiretime
Value
<seconds>
Description
Sets the time out for the CLI session. If no activity occurs before this time, the user must re-authenticate. The default setting is 600 seconds.
Setting the sessionexpiretime to zero causes the
session to never expire.
Notes
None
Examples
None
Use the set admin email command to set parameters for administrative E-mail. This command
is used to configure the default E-Mail configuration, but not individually configurable E-mail
settings such as those set with the set admin log, set admin tcpdump, and set admin
tsdump commands.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-31 can be entered after the set admin email command.
Table 3-31
Options
Value
Description
defaultmailto
<default address>
Default address to be used when E-mail addresses are not set. Specific E-mail addresses for log, TCPDump and TSDump, if set, will
override the default E-mail address.
from
<from address>
server
<smtp server>
Notes
The settings made by this command will only take effect after a write operation.
Examples
set admin email from admin@company.com
Sets the from E-mail address to admin@company.com
set admin email defaultmailto support@company.com
Sets the default E-mail address to support@company.com.
set admin email server 192.168.1.2
Sets the E-mail server to address 192.168.1.2.
Use the set admin interface command to set parameters for the administrative interface.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-32 can be entered after the set admin interface command.
Table 3-32
Options
ether
Value
<N>
Description
Sets the Ethernet interface to use for administration
traffic, where N is one of 0, 1, 2, ... N.
Notes
The set admin interface command is typically used with the set admin vip and set admin
netmask commands. The settings made by this command will only take effect after a write
operation.
Example
set admin interface ether 1
Sets ether 1 to be the administration interface.
Use the set admin log command to set parameters for logging to various destinations, including
the memory of the appliance, E-mail, and the syslog.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-33 can be entered after the set admin log command.
Table 3-33
Options
console
Value
< ALERT | EMERG>
disabled
email
Description
Sets logging to the console to one of the log levels.
Sends a log message to the console when an event greater than
or equal to the selected level occurs.
Disables the logging function.
enabled
mailto1
mailto2
memory
syslog
Notes
The settings made by this command will only take effect after a write operation.
If neither the mailto1 nor the mailto2 address is set, the address set using the set admin
email command will be used. Refer to set admin email on page 96 for additional information.
Use the set admin netmask command to set the netmask for the administrative IP address.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The settings made by this command will only take effect after a write operation. The netmask
value is an optional parameter; the default value is 255.255.255.255.
Example
set admin netmask 255.255.255.255
Sets the netmask for the administrative address.
Use set admin scp to configure the SCP server and username, and to import and export user
information.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-34 can be entered after set admin scp.
Table 3-34
Options
Value
Description
server
<hostname or IP address>
username
<scp username>
Notes
The settings made by this command will only take effect after a write operation. The SCP
server or TFTP server can be used for the following operations:
Example
set admin scp server 19.8.7.4
Sets the SCP server by its IP address.
Use the set admin snmp command to set options relating to the SNMP configuration of the
appliance.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-35 can be entered after the set admin snmp command.
Table 3-35
Options
community
contact
Value
Description
ip
<ip>
name
<name>
netmask
<netmask>
Sets the netmask to allow SNMP connections from the specified network.
<contact>
down
location
<location>
trap
up
Turns on SNMP.
Notes
Setting the SNMP service up or down will take effect immediately after the command is
executed. The remainder of the settings in this section will only take effect after a write
operation.
The SNMP agent only supports read, not write operations.
Examples
set admin snmp location snmp-rack1
Sets the SNMP system location.
set admin snmp community ip 19.9.9.2
Sets the IP address from which SNMP connections are allowed.
Use the set admin snmp trap command to set options relating to SNMP traps.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-36 can be entered after the set admin snmp trap command.
Table 3-36
Options
Value
Description
authfailure
[disabled | enabled]
enterprise
[disabled | enabled]
generic
[disabled | enabled]
host
<1 | 2>
threshold
community
<community string>
ip
<ip>
version
<1 | 2>
<threshold in %>
connection
Notes
The settings in this command will only take effect after a write operation.
Examples
set admin snmp trap host1 ip 192.169.40.20
Configures the IP address for trap host1.
set admin snmp trap host2 version 2
Configures SNMP Version 2 traps to be sent to trap host2.
Use the set admin soap command to enable or configure the Simple Object Access Protocol
(SOAP) server. The SOAP Server is used with Configuration Synchronization.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-37 can be entered after the set admin soap command.
Table 3-37
Options
Value
down
port
ssl
Description
Disables the SOAP server.
Sets the port number for the SOAP server. The default
port is 8070.
<portnum>
certfile
<filename>
keyfile
<filename>
Sets the SSL key file for the SOAP server. The default
file name is demokey.
keypass
<password>
up
Notes
Use the set admin ssh command to turn SSH (Secure Shell) access on or off.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-38 can be entered after the set admin ssh command.
Table 3-38
Options
Description
down
up
Notes
Use the set admin syslog command to set up one or two syslog hosts for logging purposes.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-39 can be entered after the set admin syslog command.
Table 3-39
Options
Description
facility
<LOG_LOCAL0 |
LOG_LOCAL1 |
LOG_LOCAL2 |
LOG_LOCAL3 |
LOG_LOCAL4 |
LOG_LOCAL5 |
LOG_LOCAL6 |
LOG_LOCAL7 |
LOG_USER>
host1
host2
port
<TCP Port>
Notes
The settings made by this command will only take effect after a write operation.
The syslog facility is used when the set admin log syslog level is set. Refer to set admin log
on page 98 for additional information.
Examples
set admin syslog host1 192.168.0.1
Sets the first syslog host to be 192.168.0.1.
Use the set admin tcpdump command to set options relating to TCPDump.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-40 can be entered after the set admin tcpdump command.
Table 3-40
Options
Value
Description
filename
<tcpdump filename>
mailto1
mailto2
scp
smtp
tftp
transport
Notes
Before running the tcpdump command, the following parameters must be set:
Filename for storing the TCPDump, if you are using TFTP or SCP.
An E-mail address, TFTP server, or SCP server.
Refer to tcpdump on page 317 for additional information.
If you are using SCP, you need to set the SCP username using the command set admin scp
username <name> before entering this command. Refer to set admin scp on page 101 for
additional information.
Examples
set admin tcpdump transport scp
Uses the pre-configured SCP host to upload the TCPDump information.
set admin tcpdump transport smtp
Uses the pre-configured E-mail addresses to send the TCPDump information.
set admin tcpdump transport tftp
Uses the pre-configured TFTP host to upload the TCPDump information.
set admin tcpdump filename tx_tcpdump
Sets the filename to capture the TCPDump to be tx_tcpdump.
Use the set admin telnet command to turn telnet access on or off.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-41 can be entered after the set admin telnet command.
Table 3-41
Options
Description
down
up
Notes
This command will take effect immediately after it is executed. Issuing a write command saves
the change so that it is preserved between reboots.
Examples
set admin telnet up
Enables telnet access.
set admin telnet down
Disables telnet access.
Use the set admin tftp command to set TFTP server information.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-42 can be entered after the set admin tftp command.
Table 3-42
Options
server
Value
Description
<hostname | IP Address>
Notes
This command takes effect immediately. Issue a write command to make the change
permanent.
The TFTP server can be used for the following operations:
The TFTP transport cannot be used to export audit trail and event logs.
Example
set admin tftp server 19.8.7.4
Sets the TFTP server to an IP address.
Use the set admin tsdump command to set options relating to technical service dumps.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-43 can be entered after the set admin tsdump command.
Table 3-43
Options
Value
Description
filename
<tsdump filename>
mailto1
mailto2
scp
smtp
Sends TSDump information via pre-configured E-Mail addresses. Any of the options SCP, SMTP, or TFTP can be set, but only
one at a time.
tftp
transport
Notes
The settings made by this command will only take effect after a write operation.
Technical service dump information is used by Redline Networks authorized personnel for
troubleshooting the appliance. These parameters must be set before running the tsdump
command:
Filename for storing the TSDump, if you are using TFTP or SCP.
An E-mail address, TFTP server, or SCP server.
If you are using SCP, you need to set the SCP username using the command set admin scp
username <name> before entering this command. Refer to set admin scp on page 101 for
additional information.
Examples
set admin tsdump transport scp
Uses the pre-configured SCP host to upload the TSDump information.
set admin tsdump transport smtp
Uses pre-configured E-mail addresses to send the TSDump information.
set admin tsdump transport tftp
Uses the pre-configured TFTP host to upload the TSDump information.
Use the set admin upgrade command to configure the filename and transport for the appliance
pac file used to upgrade the firmware.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-44 can be entered after the set admin upgrade command.
Table 3-44
Options
filename
Value
Description
scp
tftp
transport
Notes
The settings made by this command will only take effect after a write operation.
The TFTP server or the SCP server must be configured before the upgrade. Use the command:
set admin tftp server <tftp server>
or
set admin scp server <scp_server>
Examples
set admin upgrade filename tx.pac
Sets the filename of the appliance pac file to be tx.pac.
set admin upgrade transport scp
Uses SCP to install new firmware.
set admin upgrade transport tftp
Uses TFTP to install new firmware.
Use the set admin vip command to set the administrative IP address.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The settings made by this command will only take effect after a write operation.
Example
set admin vip 10.0.11.10
Sets the administrative IP address.
Use the set admin webui command to change settings for the Web User Interface (WebUI).
Roles
set admin webui
Role
up/down
port
sessionexpiretime
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-45 can be entered after the set admin webui command.
Table 3-45
Options
Value
down
Description
Turns the Web User Interface off.
port
<port number>
sessionexpiretime
<seconds>
Sets the time out for the WebUI session. If no activity occurs before this time, the user must reauthenticate.
cert
disabled
enabled
ssl
up
Notes
Setting the Web User Interface service up (on) or down (off) will take effect immediately after
the command is executed. Issuing a write command saves the change so it is preserved between
reboots. The remainder of the settings in this section will only take effect after a write
operation.
Examples
set admin webui port 8090
Sets the in-band administrative port to 8090.
set admin webui up
Turns the web administration manager on.
set admin webui ssl enabled
Enables access to the Web UI via SSL.
set boot
Purpose
Use the set boot command to set the boot partition for the next reboot.
Roles
Role
set boot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-46 can be entered after the set boot command.
Table 3-46
Options
Notes
None
Example
set boot 1
Sets partition 1 to be the boot partition for the next reboot.
Use the set cache <name> command to set the parameters for the named 3G cache.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-47 can be entered after the set cache <name> command.
Table 3-47
Options
max_objects
size
Parameter
Description
<integer>
<integer>
The minimum number is 1,048,576 (1 Mbyte) and the maximum is 104,857,600 (100 Mbytes). The default value is
10,485,760 (10 Mbytes). The actual size of the cache can be
somewhat larger than this.
The value for max_objects can be abbreviated with an M
suffix to indicate a megabyte. (1,048,576 bytes = 1M)
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cache secureImages max_objects 28000
Sets the total number of objects that can be stored in the
cache named secureImages to be 28000.
set cache secureImages size 104857600
Sets the maximum size (in bytes) of the cache named secureImages to be the maximum (104,857,600 bytes).
set clock
Purpose
Use the set clock command to set the date and time of the server.
Roles
Role
set clock
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-48 can be entered after the set clock command.
Table 3-48
<YYYY.MM.DD HH:MM:SS>
Description
YYYY: Year
MM: Month
DD: Day
HH: Hour
MM: Minute
SS: Second
Notes
The settings made by this command will only take effect after a write operation.
If date and time are controlled by the NTP, you must:
set ntp down
Use the set cluster <name> aaa audit command to enable or disable HTTP(S) authentication
auditing.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-49 can be entered after the set cluster <name> aaa audit
command.
Table 3-49
Options
Description
[disabled | enabled] 1
level
[all | failures]
Notes
The settings made by this command will only take effect after a write operation.
Use the set cluster <name> aaa authentication commands to set the HTTP(S) authentication
and authorization parameters for a cluster. For more information on HTTP(S) authentication,
see the Installation and Administration Guide.
Roles
set cluster <name>
aaa authentication
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-50 can be entered after the set cluster <name> aaa
authentication command.
Table 3-50
Value
Description
[enabled|disabled]
maxage
cache
[maxage]
[disabled | enabled]
anonymous
[enabled|disabled]
base-dn
<string>
password
<string>
This command is used to set the bind user password. N can be either 1 or 2.
user-dn
<string>
This command is used to set the bind user distinguished name. N can be either 1 or 2.
<string>
This command is used to set the name of the attribute that holds the group information in LDAP
server database. The default is "ou".
ldap
bind
gid
Table 3-50
Value
ip
<ip>
port
<port number>
server N
[disabled | enabled]
cacertfile
<string>
uid
<string>
This command is used to set the name of the attribute that holds the user information in the LDAP
server database. The default value is "uid". The user
name entered in the browser's authentication dialog
is assigned to the uid attribute. This can be any attribute, for example, givenname, surname, cn, etc. It
is best to use uid as it is normally a unique attribute
for each person. The authentication will fail if multiple matches are found.
version
<2 | 3>
This command is used to set the LDAP protocol version. The default is LDAPv3.
www
This command is used to set the method of authentication that will be used for the cluster.
ssl
ldap
method
This command is used to set or change the password that will be used for AAA Authentication. You will be prompted to enter the
password.
password
[ldap|radius]
This command is used to set the authentication protocol that will be used for the cluster.
ip
<ip>
port
<port number>
key
<shared-key>
retries
<integer>
timeout
<integer>
<string>
protocol
server N
radius
server
realm
Description
Table 3-50
Value
Description
[disabled | enabled]
This command is used to enable or disable the redirect that occurs when a password change flag is set. You need to
specify a custom page to redirect users to when a
password change flag is received.
host
<ip:port>
protocol
[http* | https]
url
redirect
response text
<string>
Notes
The settings made by this command will only take effect after a write operation.
The protocol must be set (radius or ldap), before the radius and ldap options can be set.
Examples
tx% set cluster 1 aaa authentication protocol LDAP
Sets the authentication protocol for cluster 1 to LDAP.
tx% set cluster 1 aaa authentication ldap version 3
Sets the LDAP version to use for cluster 1 authentication to LDAP Version 3.
tx% show cluster 1 aaa authentication protocol
HTTP Authentication Protocol: LDAP
tx% set cluster 1 aaa authentication radius server retries 8
Authentication protocol is not RADIUS
tx%
This example shows that the LDAP authentication protocol was set, and that any changes
made that are not specifically for the LDAP protocol (Radius in this example) will generate
an error.
Use the set cluster <name> apprule commands to bind an OverDrive AppRule ruleset to a
specific cluster, and enable or disable ruleset operations on that cluster. This feature is only
available on an E|X Enterprise Application Processor with an OverDrive license.
Roles
set cluster <name> apprule
Role
Admin
limit
ruleset
enable/disable
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-51 can be entered after the set cluster <name> apprule
command.
Table 3-51
Options
Value
Description
[disabled | enabled] 1
limit 2
retrypost
ruleset
<filename>
<int>
Sets the filename for the AppRule ruleset for a specific cluster.
1. This feature is only available on an E|X Enterprise Application Processor with an OverDrive
license.
2. If a value of zero is specified, then there is no limit imposed on the POST data amount. This is
very dangerous since it allows a single user to issue a single request and use all of the resources on the box. The default value is 32768 kBytes. Most POST requests are typically less than
2 kBytes, so there should not be any problems with the default range limits. An upper limit of 100
MBytes is provided for installations that demand maximum flexibility.
Notes
The settings made by this command will only take effect after a write operation.
For the retry_request action to work correctly with Page Translation Content, the factory setting
fcl must be explicitly enabled (it is disabled by default). Contact your Redline Administrator
or Redline Support for assistance.
Examples
set cluster 1 apprule ruleset my_ruleset
Sets the AppRule binding for cluster 1 to the values declared in the file my_ruleset.
set cluster 1 apprule enabled
Enables AppRule operations for cluster 1.
Use the set cluster <name> cache command to associate or disassociate a cluster with a
specific cache.
Roles
set cluster <name>
cache
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-52 can be entered after the set cluster <name> cache command.
Table 3-52
Options
Values
cache
<name>
cache
<name>
Description
Associates a cluster with a named cache.
[disabled | enabled]
Notes
The settings made by this command will only take effect after a write operation.
Example
set cluster fred cache secureImages
Associates the cluster fred with the cache named secureImages.
Use the set cluster <name> connbind command to enable or disable connection binding. This
feature is only available on the E|X Enterprise Application Processor product line.
Roles
set cluster <name>
connbind
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-53 can be entered after the set cluster <name> connbind
command.
Table 3-53
Options
Description
disabled
enabled
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cluster 1 connbind enabled
Enables connection binding.
set cluster 1 connbind disabled
Disables connection binding.
Use the set cluster <name> convert302protocol command to enable or disable the conversion
of HTTP 302 responses from HTTP to HTTPS or from HTTPS to HTTP.
Roles
set cluster <name>
convert302protocol
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-54 can be entered after the set cluster <name>
convert302protocol command.
Table 3-54
Options
Description
disabled
enabled
Notes
The settings made by this command will only take effect after a write operation.
Enabling this option will convert the HTTP 302 responses from the target server from HTTP to
HTTPS or from HTTPS to HTTP. For example, if the HTTP 302 responses from the target
server are in the HTTP protocol, enabling this option will cause the appliance to convert the
HTTP 302 responses sent back to the client into HTTPS protocol.
This is useful when SSL acceleration is enabled on the listen side and the target side remains
set to clear traffic. When the target server sends an HTTP 302 response, the appliance will
automatically convert the HTTP 302 response back to the client using HTTPS protocols.
Example
set cluster 1 convert302protocol enabled
Enables the convert302 protocol.
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-55 can be entered after the set cluster <name> description
command.
Table 3-55
Options
description
Description
Add a description to a named cluster.
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cluster marketing description "This cluster fronts the marketing section of
the intranet. Authentication is required to access this content. If you have questions, please contact Joe Schmoe at jschmoe@mycompany.com or by phone at extension 4567."
Adds the description "This cluster fronts the marketing section of the intranet. Authentication
is required to access this content. If you have questions, please contact Joe Schmoe at
jschmoe@mycompany.com or by phone at extension 4567." to the cluster named marketing.
Use the set cluster <name> dsr command to enable or disable Direct Server Return (DSR).
This reduces traffic by allowing web servers to send HTTP responses directly back to the
requesting client, thus bypassing the load balancer in the response path.
Roles
set cluster <name>
dsr
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-56 can be entered after the set cluster <name> dsr command.
Table 3-56
Options
Description
disabled
enabled
Notes
The settings made by this command will only take effect after a write operation.
Refer to Chapter 6 in the Installation and Administration Guide for additional information.
Examples
set cluster 1 dsr enabled
Enables DSR on cluster 1.
set cluster 2 dsr disabled
Disables DSR on cluster 2.
Use the set cluster <name> health command to set the content health check parameters for
target servers.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-57 can be entered after the set cluster <name> health command.
Table 3-57
Options
Value
Description
disabled
enabled
interval
<interval>
resume
<resume number>
retry
<retry number>
Number of health check retries with no response before declaring the target server as down. The default is four; the range is
from one to 20.
returncode
<return code>
size (optional)
<size of response>
<string>
Searches for the string in the non-header portion of the HTTP response. This option only applies to the following MIME types:
text/html
text/css
text/plain
text/xml
The string is case-sensitive, and the maximum length of the
string is 64 bytes. When typing the command from the Command
Line Interface, the string must be enclosed in double quotes if
there is white space in the string. The string must not be enclosed in double quotes when being entered from the WebUI.
string (optional)
Table 3-57
Options
Value
Description
timeout
<1-60>
The timeout value is the maximum time (in seconds) that the appliance will wait for the last byte of the HTTP response, measured from the time that the GET request was sent. The default
is 15 seconds.
If this timeout is exceeded, the target will be marked as down
with a new status code:
RT = Layer 7 Down; Response Timed Out
urlpath
<url path>
The URL path that the appliance will send to target servers for
health checks. The URL path must begin with a /.
useragent
<default | n>
Notes
The settings made by this command will only take effect after a write operation.
The appliance verifies the health of the target server by sending an HTTP GET request to all the
target servers in the cluster at a pre-configured interval. The Redline appliance assumes all target
hosts are down when Layer 7 health checking is turned on, and only logs state transitions. This
means that with two servers to be checked when we turn on Layer 7 Health Checking (one down
and one up), the server that is up will be logged in the system log as "Server A passed L7 Health
Check" but the server that is down will never be mentioned in the logs until such time as it
comes up.
For example:
Server 0.0.31.20 is normal: It responds to both a ping and an HTTP request (machine is
up, webserver is up).
Server 10.0.31.10 is in a semi-bad state: It responds to a ping, but not an HTTP request
(machine is up, webserver is down)
In this state, when Layer 7 health checking is first enabled, you will never see 10.0.31.10
marked as bad by Layer 7 health check. This is because it was never seen as up by the
appliance, and therefore there was never a transition to record.
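The logging behavior described above, as an added example (not Redline code): a small Python model in which every target starts as down and only state transitions are logged, so a target that never answers produces no log line at all. The retry default of four is from Table 3-57; the target names A and B, the "failed" log wording, and the rule that a single good response marks a target up are assumptions.

```python
class L7Monitor:
    """Transition-only Layer 7 health logging, modelled on the Notes above."""

    def __init__(self, targets, retry=4):
        # Table 3-57: retry defaults to four, valid range one to 20.
        if not 1 <= retry <= 20:
            raise ValueError("retry must be between 1 and 20")
        self.targets = list(targets)
        self.retry = retry
        # Every target is assumed down when Layer 7 checking is turned on.
        self.state = {t: "down" for t in self.targets}
        self.misses = {t: 0 for t in self.targets}
        self.log = []

    def probe(self, target, responded):
        """Record one health check result; log only when the state changes."""
        if responded:
            self.misses[target] = 0
            new_state = "up"  # assumption: one good response marks it up
        else:
            self.misses[target] += 1
            exhausted = self.misses[target] >= self.retry
            new_state = "down" if exhausted else self.state[target]
        if new_state != self.state[target]:
            self.state[target] = new_state
            # "passed" is the page's wording; "failed" is constructed here.
            verb = "passed" if new_state == "up" else "failed"
            self.log.append(f"Server {target} {verb} L7 Health Check")

    def silently_down(self):
        """Targets that are down but have never produced a log line."""
        logged = {line.split()[1] for line in self.log}
        return sorted(t for t in self.targets
                      if self.state[t] == "down" and t not in logged)


def replay(monitor, rounds):
    """Feed a list of {target: responded} rounds to the monitor."""
    for results in rounds:
        for target, responded in results.items():
            monitor.probe(target, responded)
    return monitor


# Constructed scenario: A answers HTTP, B answers ping only (web server down).
ROUNDS = [{"A": True, "B": False}] * 6

if __name__ == "__main__":
    monitor = replay(L7Monitor(["A", "B"]), ROUNDS)
    print(monitor.log)
    print("down but never logged:", monitor.silently_down())
```

Monitoring that alerts only on the system log misses target B in this scenario; the targets returned by silently_down() have to be found by checking current target status directly.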
Examples
set cluster 1 health urlpath /index.html
Sets the URL path for health checks to /index.html.
set cluster 1 health returncode 200
Sets the expected return code to 200.
set cluster 1 health enabled
Enables health checks for cluster 1.
Use the set cluster <name> listen command to set properties for cluster listen traffic (between
the appliance and the client browser). This establishes a virtual IP address, netmask, port, or
SSL configuration for a server's cluster listen traffic.
Roles
set cluster <name> listen
Role
port
ssl
targetsdown
vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-58 can be entered after the set cluster <name> listen command.
Table 3-58
Options
port
Value
<port number>
Description
Sets the cluster listen port. The default is set to 80.
SSL configuration; refer to set cluster <name> listen ssl on
page 139 for additional information.
ssl
targetsdown
vip
<ip>
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cluster 1 listen vip 10.0.22.51
Sets cluster 1's listen virtual IP address to 10.0.22.51.
set cluster 1 listen port 80
Sets cluster 1's listen port to 80.
Use set cluster <name> listen ssl to establish properties of a cluster's SSL listen traffic.
Roles
set cluster <name>
listen ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-59 can be entered after the set cluster <name> listen ssl
command.
Table 3-59
Options
Value
Description
certfile
<filename>
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites that
conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for cluster listen traffic.
common
Allows only the most commonly used cipher suites from both the strong and
export groups.
export
Allows only the lower security suites that have been traditionally available for
export.
file
strong
Allows only the highest security cipher suites that have only been traditionally
available in the United States.
ciphersuite
clientauth
Sets SSL Client Certificate Authentication (refer to set cluster <name> listen
ssl clientauth on page 141 for additional information).1
disabled
enabled
ephkeyfile
<ephkeyfile>
ephkeypass
keyfile
keypass
<filename>
Table 3-59
Options
protocol
Value
Description
sslv2
sslv23
sslv3
tlsv1
1. This command is only available on the E|X Enterprise Application Processor product line.
Notes
The settings made by this command will only take effect after a write operation.
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a 512-bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password. The
512-bit RSA key must reside in the file /usr/rl/etc/cluster/ephpass.pem.
The SSL key pass phrase (keypass) is not copied as part of the configuration file on the new
partition during an upgrade. You can import the keypass by typing the command:
%set cluster <n> listen ssl keypass <key password>
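An added example, not part of this manual or of the appliance software: a Python check that replays a CLI command history and reports settings this reference describes as weakening the appliance (set admin cli sessionexpiretime 0, set admin telnet up, the export and all cipher suite groups, an apprule limit of zero), keeping settings that are live apart from those still waiting for a write operation. The sample history is constructed; the argument order is taken from the option tables, and the form "apprule limit retrypost <int>" and a bare "write" command are assumptions.

```python
import shlex
from typing import NamedTuple


class Finding(NamedTuple):
    line: int
    command: str
    status: str  # "active" or "pending write"
    reason: str


# (setting path, risky values, reason); "*" matches any cluster name.
RULES = [
    (("set", "admin", "telnet"), {"up"},
     "telnet management access is enabled"),
    (("set", "admin", "cli", "sessionexpiretime"), {"0"},
     "CLI sessions never expire"),
    (("set", "admin", "webui", "ssl"), {"disabled"},
     "WebUI is served without SSL"),
    (("set", "cluster", "*", "listen", "ssl", "protocol"), {"sslv2", "sslv3"},
     "listener is set to a deprecated SSL protocol version"),
    (("set", "cluster", "*", "listen", "ssl", "ciphersuite"), {"export", "all"},
     "listener allows export-grade cipher suites"),
    # Assumed syntax; the page only states that a limit of zero is dangerous.
    (("set", "cluster", "*", "apprule", "limit", "retrypost"), {"0"},
     "no limit on POST data size"),
]

# The page says telnet up/down takes effect immediately; the other audited
# settings only take effect after a write operation.
IMMEDIATE = {("set", "admin", "telnet")}


def _tokens(line):
    try:
        tokens = shlex.split(line, comments=True)
    except ValueError:  # unbalanced quotes: not a command we can evaluate
        return []
    if tokens and tokens[0].endswith("%"):  # drop a "tx%" style prompt
        tokens = tokens[1:]
    return tokens


def _matches(pattern, path):
    return len(pattern) == len(path) and all(
        p in ("*", k) for p, k in zip(pattern, path))


def audit(history):
    """Return findings for the settings in effect after replaying history."""
    active, pending = {}, {}
    for number, line in enumerate(history.splitlines(), 1):
        tokens = _tokens(line)
        if not tokens:
            continue
        if tokens[0] == "write":
            active.update(pending)  # pending settings become live
            pending.clear()
        elif tokens[0] == "set" and len(tokens) >= 3:
            path, value = tuple(tokens[:-1]), tokens[-1]
            table = active if path in IMMEDIATE else pending
            table[path] = (value, number)
    findings = []
    for status, table in (("active", active), ("pending write", pending)):
        for path, (value, number) in table.items():
            for pattern, risky, reason in RULES:
                if _matches(pattern, path) and value in risky:
                    command = " ".join(path + (value,))
                    findings.append(Finding(number, command, status, reason))
    return sorted(findings)


# Constructed sample history, typed the way the page's examples are.
SAMPLE_HISTORY = """\
tx% set admin telnet up
tx% set admin cli sessionexpiretime 0
tx% set cluster 1 listen ssl ciphersuite export
tx% set cluster 1 listen ssl protocol sslv2
tx% write
tx% set cluster 1 listen ssl ciphersuite strong
tx% set admin webui ssl enabled
tx% set cluster 2 apprule limit retrypost 0
"""

if __name__ == "__main__":
    for f in audit(SAMPLE_HISTORY):
        print(f"line {f.line} [{f.status}] {f.command}: {f.reason}")
```

In the sample, the export cipher suite group on line 3 is still reported as active because the later change to strong has not been followed by a write.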
Use the set cluster <name> listen ssl clientauth command to establish properties of cluster
SSL listen traffic with Client Certificate Authentication. This feature is only available on the
E|X Enterprise Application Processor product line.
Roles
set cluster <name> listen ssl
clientauth
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-60 can be entered after the set cluster <name> listen ssl
clientauth command.
Table 3-60
Options
authtype
cacertfile
cacrlfile
Description
[local | none]
<filename>
<filename>
Table 3-60
Options
Value
catrustfile
<filename>
Description
Sets the CA Trusted Certificate file to <filename> for the
cluster. The <filename> must be a file containing a valid list
of one or more root- or intermediate-CA certificates; each certificate is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate must also be present in either a catrustfile or the cacertfile.
disabled
enabled
Enables or disables forwarding of client certificate to the target host as an HTTP header. The default is disabled.
forwardclientcert
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cluster 1 listen ssl clientauth enabled
Enables client authentication for cluster 1.
set cluster 1 listen ssl clientauth cacertfile ca_cert_list
Sets the advertised CA file to be ca_cert_list for cluster 1.
set cluster 1 listen ssl clientauth cacrlfile ca_crl_list
Sets the CA CRL to be ca_crl_list for cluster 1.
set cluster 1 listen ssl clientauth catrustfile ca_trusted_list
Sets the CA trusted certificate file to be ca_trusted_list for cluster 1.
set cluster secure_001 listen ssl clientauth forwardclientcert headername "CLIENT_CERT"
Sets the forward client certificate header name for the cluster secure_001 to be CLIENT_CERT.
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-61 can be entered after the set cluster <name> name
<newname> command.
Table 3-61
Option
name
Description
Change the name of an existing cluster to <newname>.
The new name must conform to the requirements outlined
in Cluster, Redirector, and Forwarder Naming Conventions on page 17.
Notes
The settings made by this command will only take effect after a write operation.
Example
set cluster marketing name mkt-dept
Renames the cluster marketing to mkt-dept.
Use the set cluster <name> owa command to enable or disable support for Outlook Web
Access (OWA). This command is only available on the E|X Enterprise Application Processor
product line.
Roles
set cluster <name>
owa
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-62 can be entered after the set cluster <name> owa command.
Table 3-62
Option
owa
Value
[disabled | enabled]
Description
Enables or disables the OWA methods.
Notes
The settings made by this command will only take effect after a write operation.
Example
tx% set cluster 1 owa enabled
Enables Outlook Web Access support for cluster 1.
Use the set cluster <name> stats history command to enable or disable the
collection of statistics history.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-63 can be entered after the set cluster <name> stats history
command.
Table 3-63
Option
stats
Value
history
[disabled | enabled]
Description
Enables or disables the collection of statistics history.
Notes
The settings made by this command will only take effect after a write operation.
Example
None
Use the set cluster <name> sticky command to set client-to-target-server bindings.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-64 can be entered after the set cluster <name> sticky command.
Table 3-64
Options
Value
distribution
<internet | intranet>
clientip
Defines the hashing method for using client IP for sticky connections. The default is internet. For optimum results, deployments with public-facing web sites should use internet
and deployments with intranet applications should use intranet.
timeout
expire
Sets the time (in minutes) to keep the cookie valid. The allowable range of cookie expire values is 1 minute to
3,000,000 minutes (5.71 years). Setting the cookie expire
value to zero means that the cookies never expire.
cookie
mask
method
Description
iponly
ipport
Uses both the IP address and the port for identifying a target
server.
clientip
cookie
none
Notes
The settings made by this command will only take effect after a write operation.
Examples
set cluster 1 sticky clientip timeout 1000
Sets the sticky (via clientip) timeout to 1000 minutes.
set cluster 1 sticky cookie expire 1000
Sets the sticky (via cookie) timeout to 1000 minutes.
set cluster 1 sticky method cookie
Uses cookies for binding clients to a target host.
set cluster 1 sticky method none
Disables sticky binding.
set cluster 1 sticky mask ipport
Uses an IP address and port to identify a target server.
set cluster 1 sticky clientip distribution intranet
Uses the hashing method designed for intranet deployment.
Use the set cluster <name> target command to set a target name or target host, tune a target
host, and/or to enable or disable the target host.
Roles
set cluster <name> target
host ip:port
host enabled/
disabled
host paused/
unpaused
localip
name
ssl
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-65 can be entered after the set cluster <name> target command.
Table 3-65
Options
host
Value
[all | <ip:port>]
Description
<blank>
Adds target host to cluster. All can be specified instead of IP and Port.
disabled
enabled
hardpause
softpause
unpause
localip
<ip>
Sets the local IP to be used for communication with all the target hosts in this cluster.
name
<DNS Name>
ssl
tune
Notes
The settings for the hardpause, softpause, and unpause commands take place immediately.
The settings for the remainder of the commands will only take effect after a write operation.
Examples
set cluster 1 target host 10.0.22.3:80
Establishes a target host for cluster 1 at a specified IP address and port number.
set cluster 1 target host 66.218.71.87:80 enabled
Enables target server 66.218.71.87 in cluster 1.
set cluster 1 target host all enabled
Enables all target servers in cluster 1.
set cluster 1 target name foobar.com
Sets the domain name of the target host for cluster 1.
Use the set cluster <name> target ssl command to establish SSL properties of target servers.
Roles
set cluster <name>
target ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-66 can be entered after the set cluster <name> target ssl
command.
Table 3-66
Options
Value
Description
certfile
<file>
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites
that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for cluster target traffic.
common
Allows only the fastest cipher suites from both the strong and export
groups.
export
Allows only the lower-security cipher suites that are suitable for export.
file
strong
Allows only the highest security cipher suites that are suitable for use in the
United States.
ciphersuite
disabled
enabled
keyfile
<file>
keypass
protocol
timeout
sslv2
sslv23
sslv3
tlsv1
<minutes>
Notes
The settings made by this command will only take effect after a write operation.
The supported cipher suites are shown in Appendix C. "Cipher Suites".
Examples
set cluster 1 target ssl enabled
Enables SSL encryption for cluster 1.
set cluster 1 target ssl ciphersuite all
Uses all SSL cipher suite types for cluster target traffic.
Use the set cluster <name> target tune command to start the target tuning tool. The purpose
of the target tuning tool is to enable you to easily set up the interaction with the target hosts and
to properly set up the cluster/system behavior for a custom environment. The target tuning tool
is a single CLI command that sets a number of configuration variables using a question and
answer format. This option is only available on the E|X Enterprise Network Processor.
Roles
set cluster <name>
target tune
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The set cluster <name> target tune command will prompt you for the options shown in
Table 3-67, Table 3-68, and Table 3-69.
Table 3-67
Options
Other*
Action
Selecting this option resets all the setting changes made by the
other selections for this item to their default value. The settings
that it affects are:
Table 3-67
Options
OWA
Action
This option makes the following settings:
PeopleSoft
Domino 5
Domino 6
JDE OneWorld
The tuning options for the Target Web Server type are:
Table 3-68
Options
Action
Other*
Apache
IIS4
Selecting this option enables protected Internet Information Server support serverwide.
Options
Action
No*
Yes
Notes
The settings made by this command will only take effect after a write operation.
Example
An example of a typical tuning tool session is shown below. The default answer for each of the
questions is marked with an asterisk (*):
% set cluster 1 target tune
This will help optimize the communication with the Target Hosts
within this cluster. It will help ensure that functionality is
maintained while providing the most possible benefit.
Please answer the following questions. Enter Control-C at any
time to exit without modification.
1)
1)
2)
3)
4)
5)
6)
Enter Selection: 1
2)
1)
2)
3)
Enter Selection: 1
3) Is NTLM Authentication used?
N) No (*)
Y) Yes
Enter Selection: n
You have selected:
Target Application: Other
Target Web Server: Other
NTLM Authentication: No
Continue using these selections?
N) No, Start Over (*)
Y) Yes, Use these values
Enter Selection: y
Tuning based on your selections ...
Done.
(*) tx5
Use the set cluster <name> transparency command to enable or disable IP transparency. This
command is only available on the E|X Enterprise Application Processor.
Roles
Set cluster <name>
transparency
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-70 can be entered after the set cluster <name> transparency
command.
Table 3-70
Options
disabled
enabled
Value
Description
Disables IP transparency (default).
Notes
The settings made by this command will only take effect after a write operation.
Redline appliances operate in a secure reverse-proxy mode. In this mode, all incoming client
requests are terminated at the Redline appliance and multiplexed to a pool of predefined target
hosts that serve the content. When the Redline appliance provides connection multiplexing, the
Source IP (SIP) is replaced by the IP of the Redline appliance before the request is forwarded
to the target host. This is required to provide the connection multiplexing capability in the appliance. However, this may create unintended side effects:
The target host logs no longer contain the client's IP address.
Because all requests appear to the target host to originate from a single IP, it may perceive the traffic as an attack and close connections.
The set cluster <name> transparency command allows you to enable or disable client IP
transparency capability for a cluster configuration. Enabling transparency allows the target
hosts to see the source IP address of the originating connection. For more information, see
Client IP Transparency in the Integrating the E|X Into your Network chapter of the Installation
and Administration Guide.
Examples
set cluster 1 transparency enabled
Enables IP transparency on cluster 1.
Use the set cluster <name> weblog commands to enable or disable cluster logging. The
formats in which the Web Log can be stored are shown in the notes.
Roles
set cluster <name>
weblog
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-71 can be entered after the set cluster <name> weblog
command.
Table 3-71
Options
Value
Description
batch
destination
[syslog | batch]
disabled
enabled
format
syslog
host
<host IP Address>
syslog
port
<port>
Notes
The settings made by this command will only take effect after a write operation.
The appliance can be configured to transmit the logs to the Syslog server in one of two ways.
The default configuration is Immediate mode, where the Redline appliance immediately writes
a User Datagram Protocol (UDP) packet containing a web log to the configured syslog server
for each client request. Immediate mode can create a significant amount of extra network activity and does not allow the ability to save logs.
The alternative is Web Log Batch mode. In Web Log Batch mode, web logs are saved on the
Redline appliance and then copied off in bulk format. For more information, see set cluster
<name> weblog batch on page 160.
The user can select the format of the log from one of these five options:
Common: This is the Apache Common Logging Format (CLF). The information included in the log is:
remotehost remotelogname authuser [date] "request" status bytes
Combined: This is a modification of CLF (common) format and adds the values of the Referer and User-Agent HTTP headers in quotes:
remotehost remotelogname authuser [date] "request" status bytes "Referer" "User-Agent"
Common_cn: This is a modification of CLF (common) format with the cluster name prepended to the CLF format:
clustername remotehost remotelogname authuser [date] "request" status bytes
Combined_cn: This is a modification of the combined format with the cluster name prepended to the combined format:
clustername remotehost remotelogname authuser [date] "request" status bytes "Referer" "User-Agent"
Perf1: This is a proprietary format that allows you to more easily monitor the performance of Redline Networks appliance compression and cache. The information included in the log is:
remotehost [date] method url version status request-bytes precomp-bytes postcomp-bytes cachehit
The information fields included in the logs are defined in Table 3-72.
Table 3-72
Field
Definition
remotehost
The remote hostname (or IP address if the DNS hostname is not available, or if
DNSLookup is Off).
remotelogname
authuser
[date]
"request"
The request line exactly as it came from the client inside quotes (" ").
status
bytes
"referer"
"user-agent"
clustername
method
url
version
request-bytes
The length of request content-body. This is applicable for POST, PUT, and certain WebDAV requests.
precomp-bytes
postcomp-bytes
cachehit
Examples
set cluster 1 weblog enabled
Enables logging on cluster 1.
set cluster 2 weblog disabled
Disables logging on cluster 2.
set cluster 1 weblog syslog host 10.4.5.4
Sets cluster 1 log host address.
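The five Web Log formats listed above can be told apart by the number of fields before [date] and by whether a quoted request follows it. The parser below is an added example, not code from Redline Networks; the sample records are constructed, the date and cachehit values are treated as opaque text because this section does not define their layout, and cluster names are assumed to contain no whitespace.

```python
import re

# Every format has exactly one "[date]" field; it splits prefix from tail.
# The date text is kept opaque because the page does not define its layout.
_SPLIT = re.compile(r'^(?P<pre>[^\[]*)\[(?P<date>[^\]]*)\]\s+(?P<tail>.*)$')

# CLF tail: "request" status bytes, optionally followed by "Referer" "User-Agent".
_CLF_TAIL = re.compile(
    r'^"(?P<request>.*?)" (?P<status>\d{3}) (?P<bytes>\d+|-)'
    r'(?: "(?P<referer>.*?)" "(?P<user_agent>.*)")?$'
)

_PERF1 = ("method", "url", "version", "status", "request_bytes",
          "precomp_bytes", "postcomp_bytes", "cachehit")
_CLIENT_CONTROLLED = ("request", "referer", "user_agent", "url")

# Constructed sample records (not taken from a real appliance).
SAMPLES = [
    '192.0.2.10 - alice [10/Oct/2004:13:55:36 -0700] "GET /index.html HTTP/1.1" 200 5120',
    'mkt-dept 192.0.2.10 - - [10/Oct/2004:13:55:36 -0700] "GET /a HTTP/1.1" 404 0 '
    '"http://example.test/" "curl/7 (constructed)"',
    '192.0.2.10 [10/Oct/2004:13:55:36 -0700] GET /app.js HTTP/1.1 200 0 20480 5120 1',
    # A request line carrying a quote and a forged status/bytes pair.
    '192.0.2.66 - - [10/Oct/2004:13:55:37 -0700] "GET /x" 200 5 HTTP/1.0" 404 0',
]


def _to_int(text):
    """Byte counts may be '-' when absent; return None in that case."""
    return int(text) if text.isdigit() else None


def parse_weblog(line):
    """Parse one record in any of the five formats; raise ValueError otherwise."""
    m = _SPLIT.match(line.rstrip("\r\n"))
    if m is None:
        raise ValueError("no [date] field")
    pre, tail = m.group("pre").split(), m.group("tail")
    rec = {"date": m.group("date")}

    if len(pre) == 1:                      # Perf1: remotehost [date] ...
        parts = tail.split()
        if len(parts) != len(_PERF1):
            raise ValueError("perf1 needs 8 fields after [date]")
        rec.update(zip(_PERF1, parts))
        rec.update(format="perf1", remotehost=pre[0])
        for key in ("status", "request_bytes", "precomp_bytes", "postcomp_bytes"):
            rec[key] = _to_int(rec[key])
    elif len(pre) in (3, 4):               # CLF family, with or without clustername
        clf = _CLF_TAIL.match(tail)
        if clf is None:
            raise ValueError("malformed CLF tail")
        rec.update(clf.groupdict())
        combined = rec["referer"] is not None
        if not combined:
            del rec["referer"], rec["user_agent"]
        if len(pre) == 4:
            rec["clustername"] = pre.pop(0)
        rec["remotehost"], rec["remotelogname"], rec["authuser"] = pre
        rec["status"], rec["bytes"] = int(rec["status"]), _to_int(rec["bytes"])
        rec["format"] = ("combined" if combined else "common") + (
            "_cn" if "clustername" in rec else "")
    else:
        raise ValueError("unexpected field count before [date]")

    # The request line is logged exactly as the client sent it, so a quote or
    # control character in a client-controlled field can shift field boundaries.
    rec["suspicious"] = [
        k for k in _CLIENT_CONTROLLED
        if isinstance(rec.get(k), str)
        and ('"' in rec[k] or any(ord(c) < 0x20 or ord(c) == 0x7F for c in rec[k]))
    ]
    return rec


def compression_saving(rec):
    """Fraction of bytes saved by compression in a Perf1 record, or None."""
    pre, post = rec.get("precomp_bytes"), rec.get("postcomp_bytes")
    if not pre or post is None:
        return None
    return 1 - post / pre


if __name__ == "__main__":
    for sample in SAMPLES:
        print(parse_weblog(sample))
```

Because the tail pattern is anchored at the end of the record, the forged status in the last sample is absorbed into the request field and the record is reported with its real status and a suspicious flag.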
Use the set cluster <name> weblog batch commands to configure cluster logging in Web Log
Batch mode.
Roles
set cluster <name>
weblog batch
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-73 can be entered after the set cluster <name> weblog batch
command.
Table 3-73
Options
compression
Value
Description
[enable | disable]
The web log can be sent to the syslog host in either native format or compressed in GZIP format. This command enables or
disables compression.
Forces an immediate copy of the Web Logs to the configured
syslog server.
copynow
Sets the size of the compressed file to copy (the size of the two
data buffers). The default value is 10 MBytes, and the range is
1 to 50 MBytes.
size
[val]
time
<1 | 2 | 3>
failure
retryinterval
[val]
host
[server]
connecttest
copy
Sets the times for the Web Log to be transmitted to the configured syslog server. The format of [time] is HH:MM. Up to three
times can be configured for each day.
Sets the retry interval (in seconds) in case of copy failure. The
default value is 60 seconds; the range is 30 to 200 seconds.
directory
[directory]
keyfile
[filename]
username
[user]
scp
[time]
Notes
The settings made by this command will only take effect after a write operation.
Examples
None
set dns
Purpose
Use the set dns command to set the name service domain and the name server.
Roles
Role
set dns
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-74 can be entered after the set dns command.
Table 3-74
Options
Value
Description
domain
<DNS name>
server N
<IP Address>
Notes
The settings made by this command will only take effect after a write operation.
Examples
set dns domain www.foo.bar
Set DNS domain to a domain name.
set dns server 1 192.177.45.13
Set name server to an IP address.
set ether n
Purpose
Use the set ether N command to set the IP address, media, mtu, and netmask.
Roles
Role
set ether n
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-75 can be entered after the set ether n command.
Table 3-75
Options
ip
Value
Description
<ip>
media
mtu
<MTU #>
netmask
<IP mask>
Notes
The settings made by this command will only take effect after a write operation.
Ether N may be ether 0 or ether 1.
Ether 0 is for user traffic and in-band administration.
Ether 1 is for heart beat traffic ensuring that the appliance is active and there is no need
to cut over to the standby appliance.
The administrative interface can be all interfaces or those specified by the set admin interface
command. The setting for media must exactly match the switch to which the appliance is
attached. If the switch is managed and has explicit settings, choose the exact speed and setting.
If the switch is un-managed, choose auto negotiate. The MTU (Maximum Transmission Unit)
should be set to 1500 for Ethernet.
DO NOT change this value unless your switch and network are configured to work
with a different MTU.
REDLINE NETWORKS :: Command Line Reference |
Examples
set ether 0 ip 10.44.5.5
Sets the ether 0 IP address.
set ether 1 media 100baseTX full-duplex
Sets ether 1 media type to 100 BaseTX.
set ether 1 media 5
Changes the media for ether 1 to auto-select.
A forwarder is used to forward non-HTTP TCP traffic (for instance, SMTP traffic).
Use the set forwarder <name> listen command to set the address or port for forwarder
listening.
Use the set forwarder <name> name command to rename a forwarder.
Use the set forwarder <name> target command to establish a target host, and/or enable
or disable that host.
Use the set forwarder <name> weblog command to set the host or logging for a forwarder.
Roles
set forwarder <name>
Role
description
dsr
listen
name
target
weblog
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-76 can be entered after the set forwarder <name> command.
Table 3-76
Options
Value
Description
description
<description>
dsr
<Port number>
listen ssl
vip
name
<ip>
<new name>
Adds the IP address and the port for the forwarder target.
host
<ip:port>
target
localip
<ip>
ssl
Notes
The settings made by this command will only take effect after a write operation.
The description is limited to 512 characters of free-form text, but cannot include newlines. This
allows administrators to fully describe the forwarder usage, contact information, warnings, or
any other pertinent information they deem necessary.
Examples
set forwarder 1 listen port 25
Sets forwarder 1 listen port to 25.
set forwarder foo target host 192.168.22.4:25
Adds a target host to forwarder foo.
set forwarder 1 target host enabled
Enables the target host for forwarder 1.
Use the set forwarder <name> listen ssl command to establish properties of a forwarder's SSL listen traffic.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-77 can be entered after the set forwarder <name> listen ssl
command.
Table 3-77
Options
Value
Description
certfile
<filename>
cipherfile
<filename>
all
Allows all supported SSL cipher suites for forwarder listen traffic.
common
Allows only the most commonly used cipher suites from both
the strong and export groups.
export
Allows only the lower security suites that have been traditionally available for export.
file
strong
Allows only the highest security cipher suites that have only
been traditionally available in the United States.
ciphersuite
authtype
cacertfile
[local | none]
<filename>
<filename>
<filename>
Sets the CA Trusted Certificate file to <filename> for the forwarder. The <filename> must be a file containing a valid list
of one or more root- or intermediate-CA certificates; each certificate is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate must also be present in either a catrustfile or the cacertfile.
clientauth
cacrlfile
catrustfile
Description
disabled
enabled
disabled
enabled
ephkeyfile
<ephkeyfile>
ephkeypass
keyfile
keypass
protocol
sslv2
sslv23
sslv3
tlsv1
Notes
The settings made by this command will only take effect after a write operation.
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a
512-bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password.
The 512-bit RSA key must reside in the file /usr/rl/etc/forwarder/ephpass.pem.
The SSL key pass phrase (keypass) is not copied as part of the configuration file on the new
partition during an upgrade. You can import the keypass by typing the command:
%set forwarder <n> listen ssl keypass <key password>
Use the set forwarder <name> target ssl command to establish SSL properties of target
servers.
Roles
set forwarder <name> target
ssl
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-78 can be entered after the set forwarder <name> target ssl
command.
Table 3-78
Options
Value
Description
certfile
<file>
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites
that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for forwarder target traffic.
common
Allows only the fastest cipher suites from both the strong and export
groups.
export
Allows only the lower-security cipher suites that are suitable for export.
file
strong
Allows only the highest security cipher suites that are suitable for use in the
United States.
ciphersuite
disabled
enabled
keyfile
<file>
keypass
protocol
sslv2
sslv23
sslv3
tlsv1
timeout
<time>
Sets the SSL session timeout (in minutes) for the forwarder's target traffic.
Notes
The settings made by this command will only take effect after a write operation.
The supported cipher suites are shown in Appendix C. "Cipher Suites".
Examples
set forwarder 1 target ssl enabled
Enables SSL encryption for forwarder 1.
set forwarder 1 target ssl ciphersuite all
Uses all SSL cipher suite types for forwarder target traffic.
Use the set health remotehost command to set parameters relating to connectivity failover.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-79 can be entered after the set health remotehost command.
Table 3-79
Options
Value
Description
disabled
enabled
host
[ip]
interval
[seconds]
minhostsfailing
[count]
retry
[count]
timeout
[seconds]
Notes
The settings made by this command will only take effect after a write operation.
Example
None
set hostname
Purpose
set hostname
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-80 can be entered after the set hostname command.
Table 3-80
Option
<host name>
Description
Name of the host.
Notes
The settings made by this command will only take effect after a write operation. The host name
must be fully-qualified.
Example
set hostname www.foobar.com
Sets the host name.
set ntp
Purpose
Use the set ntp command to set the NTP server or daemon.
Roles
Role
set ntp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-81 can be entered after the set ntp command.
Table 3-81
Options
Value
down
server N
Description
Turns off the NTP daemon.
<hostname/IP Address>
up
Notes
Setting ntp up or down takes effect immediately, without a write command. Issuing a write
command saves the change so that it is preserved between reboots.
Examples
set ntp server 1 www.foobar.com
Sets the NTP server.
set ntp up
Turns on the NTP daemon.
set password
Purpose
Use the set password command to set the logged-in user's password.
Roles
Role
set password
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-82 can be entered after the set password command.
Table 3-82
Option
None
Description
You are prompted for the password.
Notes
Use the set redirector <name> command to set properties for the redirector. This feature is
only available on the E|X Enterprise Application Processor product line.
Roles
set redirector <name>
customurl, enabled, disabled, dsr,
host, port, protocol, url method
listen
name
note
listen ssl
Admin
Network Admin
Role
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-83 can be entered after the set redirector <name> command.
Table 3-83
Options
Value
Description
customurl
<URL string>
Sets the URL for redirecting. Only used when the URL method
is set to custom.
description
<description>
disabled
dsr
disabled
enabled
host
<hostname or IP Address>
listen
name
<new name>
port
<port number>
Sets the port for redirect requests. The default is port 443.
http
https
custom
request
protocol
urlmethod
Notes
The settings made by this command will only take effect after a write operation. The redirector
must be enabled before requests will be redirected.
The description is limited to 512 characters of free-form text, but cannot include newlines. This
allows administrators to fully describe the redirector's usage, contact information, warnings, or
any other pertinent information they deem necessary.
Examples
set redirector 1 host 205.178.13.100
Sets the redirector 1 host to be 205.178.13.100.
set redirector 1 port 443
Redirects requests to port 443.
Use the set redirector <name> listen command to set the listen properties for the redirector.
This establishes a virtual IP address, port, or SSL configuration for a server redirector's traffic.
Roles
set redirector <name> listen
Role
port
ssl
vip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-84 can be entered after the set redirector <name> listen
command.
Table 3-84
Options
port
Value
<port number>
ssl
vip
Description
<ip>
Notes
The settings made by this command will only take effect after a write operation.
Examples
set redirector 1 listen vip 205.178.13.100
Sets the redirector 1 listen virtual IP address to 205.178.13.100.
set redirector 1 listen port 80
Sets the redirector 1 listen port to 80.
Use the set redirector <name> listen ssl command to establish properties of the redirector SSL
listen traffic. This feature is only available on the E|X Enterprise Application Processor product
line.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-85 can be entered after the set redirector <name> listen ssl
command.
Table 3-85
Options
Value
Description
certfile
<file>
cipherfile
<filename>
Specifies the name of the user-defined file containing a list of cipher suites that conform to the OpenSSL standard.
all
Allows all supported SSL cipher suites for redirector listen traffic.
common
Allows only the fastest cipher suites from both the strong and export groups.
export
Allows for the lower security cipher suites that are suitable for export.
file
strong
Allows only the highest security cipher suites that are suitable for
use in the United States.
ciphersuite
authtype
cacertfile
[local | none]
<filename>
<filename>
<filename>
Sets the CA Trusted Certificate file to <filename> for the redirector. The <filename> must be a file containing a valid list of
one or more root- or intermediate-CA certificates; each certificate
is encoded in base64 format.
If the certificate is an intermediate certificate, its root CA certificate
must also be present in either a catrustfile or the cacertfile.
clientauth
cacrlfile
catrustfile
Description
disabled
enabled
disabled
disabled
enabled
ephkeyfile
<ephkeyfile>
Specifies the ephemeral key pass phrase for redirector listen traffic.
ephkeypass
keyfile
<file>
keypass
protocol
sslv2
sslv23
sslv3
tlsv1
Notes
The settings made by this command will only take effect after a write operation.
The ephemeral key is a debugging aid for export ciphers. The ephemeral keyfile must be a 512-bit RSA key in OpenSSL PEM (base-64) format and, if encoded, must match the password.
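The listen ssl and target ssl option tables for clusters, forwarders and redirectors include settings that weaken the channel: the export, common and all cipher suite groups, the sslv2 and sslv3 protocols, and the 512-bit ephemeral key file. The audit below is an added example, not a Redline Networks tool; the command forms for protocol, ephkeyfile and keypass follow the option tables, the sample configuration is constructed, and a later set command is assumed to override an earlier one for the same option.

```python
import re

# Matches "set <object> <name> listen|target ssl <option> [value]", with an
# optional CLI prompt such as "%" or "tx%" in front of the command.
_CMD = re.compile(
    r'^\s*(?:\S*%\s*)?set\s+(cluster|forwarder|redirector)\s+(\S+)\s+'
    r'(listen|target)\s+ssl\s+(\S+)(?:\s+(.*\S))?\s*$',
    re.IGNORECASE,
)

# Findings keyed on (option, value).
_VALUE_RULES = {
    ("ciphersuite", "all"): "allows every supported suite, including the export group",
    ("ciphersuite", "common"): "draws suites from the export group as well as strong",
    ("ciphersuite", "export"): "allows only the lower-security export suites",
    ("protocol", "sslv2"): "SSLv2 is obsolete and should not be offered",
    ("protocol", "sslv3"): "SSLv3 is deprecated and should not be offered",
    ("protocol", "sslv23"): "verify which protocol versions this setting negotiates",
}

# Findings raised whenever the option is set to any value.
_PRESENCE_RULES = {
    "ephkeyfile": "512-bit RSA ephemeral key for export ciphers is configured",
    "keypass": "key pass phrase is present in clear text in the captured commands",
}

# Constructed sample: commands as they might be captured from a change record.
SAMPLE_CONFIG = """\
set cluster 1 listen ssl ciphersuite export
set cluster 1 listen ssl ciphersuite strong
set cluster 1 listen ssl protocol sslv2
set cluster 1 target ssl ciphersuite all
% set forwarder smtp-in listen ssl ephkeyfile ephkey
%set redirector 1 listen ssl keypass example-passphrase
set cluster 1 listen ssl clientauth enabled
"""


def effective_settings(config_text):
    """Return {scope: {option: value}}, letting later commands win (assumption)."""
    state = {}
    for line in config_text.splitlines():
        m = _CMD.match(line)
        if not m:
            continue                       # not an SSL listen/target command
        kind, name, direction, option, value = m.groups()
        scope = f"{kind.lower()} {name} {direction.lower()}"
        state.setdefault(scope, {})[option.lower()] = value
    return state


def audit(config_text):
    """Return (scope, option, value, reason) for every weak effective setting."""
    findings = []
    for scope, options in effective_settings(config_text).items():
        for option, value in options.items():
            reason = _VALUE_RULES.get((option, (value or "").lower()))
            if reason is None and value is not None:
                reason = _PRESENCE_RULES.get(option)
            if reason:
                # Never echo the pass phrase back into a report.
                shown = "<redacted>" if option == "keypass" else value
                findings.append((scope, option, shown, reason))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print("%s: %s %s (%s)" % finding)
```

The first command in the sample is superseded by the second, so cluster 1 listen traffic is reported only for its protocol setting.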
set route
Purpose
set route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-86 can be entered after the set route command.
Table 3-86
Option
default
Description
Sets the default route.
Notes
This command takes effect immediately. To add a route, refer to add route on page 28 for
additional information.
Example
set route default 10.8.8.8
Sets the default route to the device to a specified address.
set server
Purpose
Use the set server command to turn the Redline server on or off, and to configure server
parameters.
Roles
set server
up | down
customip
logheader
failover
maxconns
reversepath
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-87 can be entered after the set server command.
Table 3-87
Options
Value
customiplogheader
Description
Use the set server customiplogheader command to set
the custom HTTP header that will be added along with the
client's original IP at the client's request. The header can
either be a literal or a custom field in which the appliance
will insert the origin client's IP address. Refer to the Logging chapter of the Installation and Administration Guide
for additional information.
<header>
down
failover
forwardclientcert
headername
maxconns
<value>
<header>
Sets the custom HTTP header used for SSL client certificate forwarding.
Sets the maximum number of simultaneous connections
that the appliance can support.
reversepath
up
Setting the Server up or down will take effect immediately after the command is executed. The
remainder of the settings in this section will only take effect after a write operation.
Part Number    Minimum    Maximum
T|X 2200       5,000      50,000
E|X 3200       5,000      50,000
T|X 2600       5,000      500,000
E|X 3600       5,000      500,000
Examples
set server up
Starts the server.
set server down
Stops the server.
set server maxconns 350000
Sets the maximum number of simultaneous connections to be 350,000.
set server customiplogheader rlnclientipaddr
Uses the rlnclientipaddr argument as a field to insert the IP address.
Use the set server failover command to enable or disable the Redline server failover. The first
server established with failover is the active server; the second is the standby server.
Roles
set server
failover
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-89 can be entered after the set server failover command.
Table 3-89
Options
Value
Description
disabled
enabled
linkfail
vmac
count
pollinterval
enabled
disabled
id
Failover Virtual MAC (vmac) ID. The valid range is one to 255,
and the default is zero.
Notes
The settings made by this command will only take effect after a write operation.
Both the active and the stand-by appliances should have this option enabled, and both units
should have the same cluster and forwarder settings.
Examples
set server failover enabled
Enables the Redline server failover.
set server failover disabled
Disables the Redline server failover.
Use the set server reversepath command to allow routes to be added when packets come back
from a node that does not appear in the appliance's routing table.
Roles
set server reversepath
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-90 can be entered after the set server reversepath command.
Table 3-90
Options
Description
disabled
enabled
maxroutes
timeout
<number>
<seconds>
Configures the timeout value for the entries added by reversepath. Routes will be deleted after this interval of inactivity. The minimum timeout value is one second, the maximum
value is 5000 seconds, and the default is 45 seconds.
Notes
The settings made by this command will only take effect after the write command has been
given.
Examples
set slb
Purpose
Use the set slb commands to configure the internal Server Load Balancer.
Roles
set slb
Role
disabled | enabled
failover
group
sticky
session
advanced reset
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-91 can be entered after the set slb command.
Table 3-91
Options
Values
client
Description
<enabled |
disabled>
<enabled |
disabled>
advanced reset
server
disabled
enabled
bindaddr
failover
Values
<ip addr>
Description
Sets the bind address for the failover mechanism.
disabled
enabled
forcemaster
<enabled |
disabled>
mcastaddr
<ip addr>
nodeid
<number |
auto>
port peer
<port>
vmac
<enabled |
disabled>
vmac id
<id>
<half | full>
nat port
<start | end>
<value>
protocol
<tcp | udp>
<roundrobin* |
leastconn |
bkupchain |
weightedrr |
maxconn>
sticky
<enabled |
disabled>
targethost
<ip:port>
healthcheck
smtp
<enabled |
disabled>
targethost
<ip:port | all>
maxconn
<number>
Sets the maximum number of concurrent connections per targethost when the maxconn load
balancing policy is in effect.
nat
<name>
group
policy
<name |
all>
down
<seconds>
syn
<seconds>
<seconds>
<number>
ackwait
<seconds>
active
<seconds>
<seconds>
interval
healthcheck
up
maxtries
session timeout
closewait
<disabled | enabled>
Stickiness results in a client always being connected to the same server (if reconnected before
the timeout). The default setting is disabled.
<timeout>
Sets the timeout for the stickiness of a particular client to a server. The default value is 120
minutes.
sticky
<minutes>
Notes
The set slb enabled and set slb disabled options take effect immediately; however,
a write operation is needed to make the change persistent. The remainder of the settings made
by this command will only take effect after a write operation.
See the Server Load Balancing chapter of the Installation and Administration Guide for
complete information on Server Load Balancing policies.
Examples
% add slb group 192.168.15.62:999
Group 1 created
Add a group of IP 192.168.15.62 and port 999.
% set slb group 1 targethost 192.168.15.66:80
Adds target server 192.168.15.66 port 80 into this group.
Use the set sync group command to configure a synchronization group for configuration
synchronization.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-92 can be entered after the set sync group <name> command.
Table 3-92
Options
description
member
<memberid>
Value
<description>
password
port
user
name
override
<username>
<newname>
disabled
enabled
filename
timeout
Description
<filename>
<time>
Notes
The settings made by this command will only take effect after a write operation.
For each of the commands, <memberid> is either <hostname:port> or <ip:port>.
Examples
None
set timezone
Purpose
Use the set timezone command to set the server's time zone.
Roles
Role
set timezone
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-93 can be entered after the set timezone command.
Table 3-93
Option
<time zone>
Description
The server time zone
Notes
The settings made by this command will only take effect after a write operation.
The time zone settings are shown in Table 3-94. Use the show timezone list command (refer to
show timezone on page 308) to get a full list of time zones to see what your local zone is
called.
Table 3-94
Time Zones
Time Zones
Africa/Adibjan
America/Dominica
Antarctica/Mawson
Atlantic/Azores
Europe/Riga
Africa/Accra
America/Edmonton
Antarctica/McMurdo
Atlantic/Faeroe
Europe/Rome
Africa/Addis_Ababa
America/Eirunepe
Antarctica/Palmer
Atlantic/Jan_Mayen
Europe/Samara
Africa/Algiers
America/El_Salvador
Antarctica/South_Pole
Atlantic/Madeira
Europe/San_Marino
Africa/Asmera
America/Fortaleza
Antarctica/Syowa
Atlantic/Reykjavik
Europe/Sarajevo
Africa/Bamako
America/Glace_Bay
Antarctica/Vostok
Atlantic/South_Georgia
Europe/Simferopol
Africa/Bangui
America/Godthab
Arctic/Longyearbyen
Atlantic/St_Helena
Europe/Skopje
Africa/Banjul
America/Goose_Bay
Asia/Aden
Atlantic/Stanley
Europe/Sofia
Africa/Bissau
America/Grand_Turk
Asia/Almaty
Australia/Adelaide
Europe/Stockholm
Africa/Blantyre
America/Grenada
Asia/Amman
Australia/Brisbane
Europe/Tallinn
Africa/Brazzaville
America/Guadeloupe
Asia/Anadyr
Australia/Broken_Hill
Europe/Tirane
Africa/Bujumbura
America/Guatemala
Asia/Aqtau
Australia/Darwin
Europe/Uzhgorod
Africa/Cairo
America/Guayaquil
Asia/Aqtobe
Australia/Hobart
Europe/Vaduz
Africa/Casablanca
America/Guyana
Asia/Ashgabat
Australia/Lindeman
Europe/Vatican
Africa/Ceuta
America/Halifax
Asia/Baghdad
Australia/Lord_Howe
Europe/Vienna
Africa/Conakry
America/Havana
Asia/Bahrain
Australia/Melbourne
Europe/Vilnius
Africa/Dakar
America/Hermosillo
Asia/Baku
Australia/Perth
Europe/Warsaw
Africa/Dar_es_Salaam
America/Indianapolis
Asia/Bangkok
Australia/Sydney
Europe/Zagreb
Africa/Djibouti
America/Inuvik
Asia/Beirut
Etc/GMT
Europe/Zaporozhye
Africa/Douala
America/Iqaluit
Asia/Bishkek
Etc/GMT+0
Europe/Zurich
Africa/El_Aaiun
America/Jamaica
Asia/Brunei
Etc/GMT+1
Indian/Antananarivo
Africa/Freetown
America/Jujuy
Asia/Calcutta
Etc/GMT+10
Indian/Chagos
Africa/Gaborone
America/Juneau
Asia/Choibalsan
Etc/GMT+11
Indian/Christmas
Africa/Harare
America/La_Paz
Asia/Chongqing
Etc/GMT+12
Indian/Cocos
Africa/Johannesburg
America/Lima
Asia/Colombo
Etc/GMT+2
Indian/Comoro
Africa/Kampala
America/Los_Angeles
Asia/Damascus
Etc/GMT+3
Indian/Kerguelen
Africa/Khartoum
America/Louisville
Asia/Dhaka
Etc/GMT+4
Indian/Mahe
Africa/Kigali
America/Maceio
Asia/Dili
Etc/GMT+5
Indian/Maldives
Africa/Kinshasa
America/Managua
Asia/Dubai
Etc/GMT+6
Indian/Mauritius
Africa/Lagos
America/Manaus
Asia/Dushanbe
Etc/GMT+7
Indian/Mayotte
Africa/Libreville
America/Martinique
Asia/Gaza
Etc/GMT+8
Indian/Reunion
Africa/Lome
America/Mazatlan
Asia/Harbin
Etc/GMT+9
Pacific/Apia
Africa/Luanda
America/Mendoza
Asia/Hong_Kong
Etc/GMT-0
Pacific/Auckland
Africa/Lubumbashi
America/Menominee
Asia/Hovd
Etc/GMT-1
Pacific/Chatham
Africa/Lusaka
America/Merida
Asia/Irkutsk
Etc/GMT-10
Pacific/Easter
Africa/Malabo
America/Mexico_City
Asia/Istanbul
Etc/GMT-11
Pacific/Efate
Africa/Maputo
America/Miquelon
Asia/Jakarta
Etc/GMT-12
Pacific/Enderbury
Africa/Maseru
America/Monterrey
Asia/Jayapura
Etc/GMT-13
Pacific/Fakaofo
Africa/Mbabane
America/Montevideo
Asia/Jerusalem
Etc/GMT-14
Pacific/Fiji
Africa/Mogadishu
America/Montreal
Asia/Kabul
Etc/GMT-2
Pacific/Funafuti
Africa/Monrovia
America/Montserrat
Asia/Kamchatka
Etc/GMT-3
Pacific/Galapagos
Africa/Nairobi
America/Nassau
Asia/Karachi
Etc/GMT-4
Pacific/Gambier
Africa/Ndjamena
America/New_York
Asia/Kashgar
Etc/GMT-5
Pacific/Guadalcanal
Africa/Niamey
America/Nipigon
Asia/Katmandu
Etc/GMT-6
Pacific/Guam
Africa/Nouakchott
America/Nome
Asia/Krasnoyarsk
Etc/GMT-7
Pacific/Honolulu
Africa/Ouagadougou
America/Noronha
Asia/Kuala_Lumpur
Etc/GMT-8
Pacific/Johnston
Africa/Porto-Novo
America/Panama
Asia/Kuching
Etc/GMT-9
Pacific/Kiritimati
Africa/Sao_Tome
America/Pangnirtung
Asia/Kuwait
Etc/GMT0
Pacific/Kosrae
Africa/Timbuktu
America/Paramaribo
Asia/Macau
Etc/UCT
Pacific/Kwajalein
Africa/Tripoli
America/Phoenix
Asia/Magadan
Etc/Greenwich
Pacific/Majuro
Africa/Tunis
America/Port-au-Prince
Asia/Makassar
Etc/Universal
Pacific/Marquesas
Africa/Windhoek
America/Port_of_Spain
Asia/Manila
Etc/Zulu
Pacific/Midway
America/Adak
America/Porto_Velho
Asia/Muscat
Europe/Amsterdam
Pacific/Nauru
America/Anchorage
America/Puerto_Rico
Asia/Nicosia
Europe/Andorra
Pacific/Niue
America/Anguilla
America/Rainy_River
Asia/Novosibirsk
Europe/Athens
Pacific/Norfolk
America/Antigua
America/Rankin_Inlet
Asia/Omsk
Europe/Belfast
Pacific/Noumea
America/Araguaina
America/Recife
Asia/Oral
Europe/Belgrade
Pacific/Pago_Pago
America/Aruba
America/Regina
Asia/Phnom_Penh
Europe/Berlin
Pacific/Palau
America/Asuncion
America/Rio_Branco
Asia/Pontianak
Europe/Bratislava
Pacific/Yap
America/Barbados
America/Santiago
Asia/Pyongyang
Europe/Brussels
Pacific/Pitcairn
America/Belem
America/Santo_Domingo
Asia/Qatar
Europe/Bucharest
Pacific/Ponape
America/Belize
America/Sao_Paulo
Asia/Qyzylorda
Europe/Budapest
Pacific/Port_Moresby
America/Boa_Vista
America/Scoresbysund
Asia/Rangoon
Europe/Chisinau
Pacific/Rarotonga
America/Bogota
America/Shiprock
Asia/Riyadh
Europe/Copenhagen
Pacific/Saipan
America/Boise
America/St_Johns
Asia/Saigon
Europe/Dublin
Pacific/Tahiti
America/Buenos_Aires
America/St_Kitts
Asia/Sakhalin
Europe/Gibraltar
Pacific/Tarawa
America/Cambridge_Bay
America/St_Lucia
Asia/Samarkand
Europe/Helsinki
Pacific/Tongatapu
America/Cancun
America/St_Thomas
Asia/Seoul
Europe/Istanbul
Pacific/Truk
America/Caracas
America/St_Vincent
Asia/Shanghai
Europe/Kaliningrad
Pacific/Wake
America/Catamarca
America/Swift_Current
Asia/Singapore
Europe/Kiev
Pacific/Wallis
America/Cayenne
America/Tegucigalpa
Asia/Taipei
Europe/Lisbon
SystemV/AST4
America/Cayman
America/Thule
Asia/Tashkent
Europe/Ljubljana
SystemV/AST4ADT
America/Chicago
America/Thunder_Bay
Asia/Tbilisi
Europe/London
SystemV/CST6
America/Chihuahua
America/Tijuana
Asia/Tehran
Europe/Luxembourg
SystemV/CST6CDT
America/Cordoba
America/Tortola
Asia/Thimphu
Europe/Madrid
SystemV/EST5
America/Costa_Rica
America/Vancouver
Asia/Tokyo
Europe/Malta
SystemV/EST5EDT
America/Cuiaba
America/Whitehorse
Asia/Ulaanbaatar
Europe/Minsk
SystemV/HST10
America/Curacao
America/Winnipeg
Asia/Urumqi
Europe/Monaco
SystemV/MST7
America/Dawson
America/Yakutat
Asia/Vientiane
Europe/Moscow
SystemV/MST7MDT
America/Danmarkshavn
America/Yellowknife
Asia/Vladivostok
Europe/Nicosia
SystemV/PST8
America/Dawson_Creek
Antarctica/Casey
Asia/Yakutsk
Europe/Oslo
SystemV/PST8PDT
America/Denver
Antarctica/Davis
Asia/Yekaterinburg
Europe/Paris
SystemV/YST9
America/Detroit
Antarctica/DumontDUrville
Asia/Yerevan
Europe/Prague
SystemV/YST9YDT
Example
set timezone America/Los_Angeles
Sets the server time zone to America/Los_Angeles.
Use the set user name command to define a user's role, enable or disable a user, and set or
change a user's password. A user's settings may only be modified by an administrator.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-95 can be entered after the set user name command.
Table 3-95
Options
Value
Description
Disables a user.
<username>
enabled
Enables a user.
mustchange
The password for the account must be changed the next time
that the user logs in.
password
Each user can be assigned one or more roles. This command assigns all users with one or more roles as specified in the list. A
role can be one of the following:
administrator
network_administrator
network_operator
security_administrator
security_operator
user
This command adds to the roles that the user is already assigned. This command has no effect on the default account (e.g.,
the account with the default user name redline) or the administrative user who is making the changes.
Notes
The user's settings are changed immediately after executing this command without using a
write operation. Refer to the Installation and Administrative Guide for the definition of each
user's role.
Examples
set user bmartino enabled
Enables the user bmartino. An example output is:
%set user bmartino enabled
user bmartino is now enabled
set user role bmartino security_administrator
Adds the role Security Administrator to user bmartino. An example output is:
%set user role bmartino security_administrator
role security_administrator has been added to user bmartino's
permissions
set user bmartino password
Sets a password for user bmartino. An example output is:
%set user bmartino password
new password: ********
retype new password: ********
password changed
set user bmartino mustchange
User bmartino will be prompted to change the password the first time he or she logs in.
set user bmartino disabled
Disables user bmartino.
set vlan
Purpose
Use the set vlan command to set the Virtual LAN parameters.
Roles
Role
set vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-96 can be entered after the set vlan command.
Table 3-96
Options
Value
Description
default
<tag>
ip
<IP Address>
range
<startip-endip | all>
<tag>
Assign a VLAN tag to all the packets going from or to this IP address
Assign a VLAN tag to all the packets going from or to this range of IP
addresses
Notes
The settings made by this command will only take effect after a write operation.
A tag added with a specific IP address takes precedence over a range. For example, if you add:
% set vlan range 192.168.10.100-192.168.10.200 10
and
% set vlan ip 192.168.10.34 456
the tag will have a VLAN ID of 456 instead of 10, even though IP 192.168.10.34 falls in the
specified range. If there is a conflict between the tag for the source IP and the tag for the
destination IP, the destination IP will take precedence.
Example
set vlan ip 192.168.10.100 10
Assigns a VLAN tag of 10 to all the packets going to or from the IP address 192.168.10.100.
set vlan range 192.168.10.100-192.168.10.200 10
Assigns a VLAN tag of 10 to all the packets going to or from the range of IP addresses from
192.168.10.100 to 192.168.10.200.
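The precedence rules in the Notes above can be modelled as follows. This is an added example, not Redline code: the function names and the 192.168.10.150 and 10.0.0.x addresses are constructed, the first matching range is assumed to win when ranges overlap, and the default and range all forms are not modelled.

```python
import ipaddress

def parse_vlan_commands(lines):
    """Parse 'set vlan ip' and 'set vlan range' command lines into rule tables."""
    ip_rules = {}     # exact address -> tag
    range_rules = []  # (first, last, tag), kept in the order entered
    for line in lines:
        words = line.strip().lstrip("%").split()
        if words[:2] != ["set", "vlan"] or len(words) != 5:
            raise ValueError(f"unsupported command: {line!r}")
        kind, target, tag = words[2], words[3], int(words[4])
        if kind == "ip":
            ip_rules[ipaddress.IPv4Address(target)] = tag
        elif kind == "range":
            start, _, end = target.partition("-")
            first = ipaddress.IPv4Address(start)
            last = ipaddress.IPv4Address(end)
            if first > last:
                raise ValueError(f"range start is above range end: {target}")
            range_rules.append((first, last, tag))
        else:
            raise ValueError(f"unsupported option: {kind}")
    return ip_rules, range_rules

def tag_for_address(addr, ip_rules, range_rules):
    """Return the tag for one address; a specific IP rule beats any range."""
    addr = ipaddress.IPv4Address(addr)
    if addr in ip_rules:
        return ip_rules[addr]
    for first, last, tag in range_rules:
        # Assumption: the first matching range wins when ranges overlap.
        if first <= addr <= last:
            return tag
    return None

def tag_for_packet(src, dst, ip_rules, range_rules):
    """Return the tag for a packet; the destination's tag beats the source's."""
    dst_tag = tag_for_address(dst, ip_rules, range_rules)
    if dst_tag is not None:
        return dst_tag
    return tag_for_address(src, ip_rules, range_rules)

# Constructed sample: the range from the Example section plus a specific
# address that lies inside it.
SAMPLE_COMMANDS = [
    "% set vlan range 192.168.10.100-192.168.10.200 10",
    "% set vlan ip 192.168.10.150 456",
]
IP_RULES, RANGE_RULES = parse_vlan_commands(SAMPLE_COMMANDS)

if __name__ == "__main__":
    for src, dst in [("192.168.10.120", "192.168.10.150"),
                     ("192.168.10.150", "192.168.10.120"),
                     ("192.168.10.120", "10.0.0.1"),
                     ("10.0.0.1", "10.0.0.2")]:
        print(src, "->", dst, "tag", tag_for_packet(src, dst, IP_RULES, RANGE_RULES))
```

Running the same resolution over a planned rule set before the write operation shows which segment each address pair will be tagged into.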
show activen
Purpose
show activen
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-97 can be entered after the show activen command.
Table 3-97
Options
Value
Description
<blank>
advanced
<ip|all>
blade
<ip|all>
stats
failover
group
Used to display the blade statistics. Using all will display all blades.
Used to show the settings for the failover mechanism.
Used to display the group characteristics. Using all will display all
groups.
<name|all>
<name|all>
stats
Used to display the group statistics. Using all will display all groups.
stats
status
sticky
Table 3-98
activen Statistics
Statistic
Description
Total Statistics
Bytes
Packets
Flushed
The total number of connections that have been flushed by ActiveN. Once the
appliance receives a RST or a FIN from the client for an active connection, it
then waits a number of seconds, and flushes the connection. The counter is
then incremented.
syn
rst
fin
Current Sessions
Active
Fin
The current number of FINs sent by the client prior to ActiveN flushing.
Reset
The current number of RSTs sent by the client prior to ActiveN flushing.
Troubleshooting these parameters depends on the nature of the problem that is occurring. For
instance, if the active session count is really high and increasing, but the flushed count is
low and not increasing, this could imply there are slow client or target hosts, or there could be
high latency on transactions with the Redline appliance.
By knowing what these values mean, you can keep track of what is going on in your site
(primarily from the client side to the Redline appliance). Dividing these numbers by time can
give you an average occurrence count of each variable in the ActiveN stats.
Example
Local  RealIP        Mac
NO     10.0.61.100   0:e0:81:2:46:4a
NO     10.0.61.110   0:e0:81:3:ff:7d
YES    10.0.61.120   0:e0:81:3:b5:f7
NO     10.0.61.130   0:e0:81:4:10:82
NO     10.0.61.140   0:30:48:71:d4:50
NO     10.0.61.150   0:30:48:72:58:34
show admin
Purpose
Use the show admin command to show the administrative services configuration.
Roles
Role
show admin
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-99 can be entered after the show admin command.
Table 3-99
Options      See
<blank>
audit        page 204
cli          page 205
email        page 206
interface    page 207
log          page 208
netmask      page 209
scp          page 210
snmp         page 211
snmp trap    page 213
soap         page 215
ssh          page 216
syslog       page 217
tcpdump      page 218
telnet       page 219
tftp         page 220
tsdump       page 221
upgrade      page 222
vip          page 223
webui        page 224
Notes
Each of the show commands is explained in greater detail in the section that is referenced.
Examples
Use the show admin audit command to display the audit trail setting.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-100 can be entered after the show admin audit command.
Table 3-100 show admin audit Option
Option
Description
<blank>
showcmd
Notes
Because there is only one subcommand, the information shown using the show admin audit
command and the show admin audit showcmd subcommand will be identical.
Examples
show admin audit showcmd
Displays whether show commands should be logged in the audit trail. An example of the output is:
redline% show admin audit showcmd
Show cmds admin logging: enabled
Use the show admin cli command to show the configuration for the Command Line Interface.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
Table 3-101 show admin cli Option
Option
Description
<blank>
sessionExpireTime
Notes
None
Example
None
ex% show admin cli
Cli Session Expire Time: 7200
Shows the Admin CLI expiration time.
Use the show admin email command to show the main/default E-mail configuration. This
command shows the default E-Mail configuration, but not individually configurable E-mail
settings such as those set with the set admin log, set admin tcpdump, and set admin tsdump
commands.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin email
Shows the E-mail information configuration, including:
SMTP server
Sender E-mail address
Default to E-mail address
An example of the output is:
tx% show admin email
SMTP server: mail.company.com
Email address:
From address: tx@company.com
Default 'to' address: jim@company.com
Use the show admin interface command to show the admin interface settings.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin interface
Shows the admin interface settings. An example of the output is:
tx% show admin interface
Admin Interface: ether0
Use the show admin log command to show the logging configurations.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin log
Shows the logging configurations, including:
Where it will be logged: memory, syslog, or E-mail
Level of logging for each destination
E-mail addresses where the log will be sent
If logging is enabled
An example of the output is:
tx% show admin log
Logging: enabled
Logging to:
email: ALERT
memory: ALERT
syslog: (none)
console: (none)
Email 'mailto' addresses:
mailto1: jim@company.com
mailto2:
Use the show admin netmask command to show the netmask setting for the admin interface.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin netmask
Shows the netmask setting for the admin interface.
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-102 can be entered after the show admin scp command.
Table 3-102 show admin scp Options
Options
Description
<blank>
Displays the SCP server configuration and the user name for the SCP
operation.
server
username
Notes
None
Examples
show admin scp
Shows the SCP configuration. An example of the output is:
tx% show admin scp
SCP Server: download.company.com
SCP UserName: root
Use the show admin snmp command to show the SNMP configuration information.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-103 can be entered after the show admin snmp command.
Table 3-103 show admin snmp Options
Options
Value
<blank>
community
Description
Shows the SNMP configuration.
<blank>
ip
name
netmask
contact
location
status
trap
Notes
None
Example
show admin snmp status
Shows whether the SNMP is up or down.
Use the show admin snmp trap command to display options related to sending SNMP traps.
Roles
show admin snmp
trap
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-104 can be entered after the show admin snmp trap command.
Table 3-104 show admin snmp trap Options
Options
Values
Description
<blank>
authfailure
enterprise
generic
<blank>
host
[1 | 2]
threshold
<blank>
community
ip
version
<blank>
Displays the threshold set for connections counted in percentages, and the
number of retries for failure to log-in correctly.
connection
Notes
None
Examples
show admin snmp trap
Displays SNMP trap settings. An example of the output is:
tx% show admin snmp trap
Trap Host 1 IP: 192.168.0.74
Trap Host 1 Community:
Trap Host 1 Version:
Trap Host 2 IP:
Trap Host 2 Community:
Trap Host 2 Version:
Generic Traps: disabled
Enterprise Traps: disabled
Authentication Failure Trap: enabled
Trap Connection Threshold: 50
show admin snmp host 1
Displays settings for the SNMP trap host 1.
Use the show admin soap command to show the configuration of the Simple Object Access
Protocol (SOAP) server. The SOAP server is used with configuration synchronization.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-105 can be entered after the show admin soap command.
Table 3-105 show admin soap Options
Options
Value
Description
<blank>
port
ssl
Shows all of the SSL configuration parameters for the SOAP server.
ssl
status
certfile
keyfile
keypass
Notes
Use the show admin ssh command to show the SSH configuration. This command tells you if
you can access the appliance using SSH.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-106 can be entered after the show admin ssh command.
Table 3-106 show admin ssh Options
Options
Description
<blank>
status
Notes
None
Example
show admin ssh
Displays the SSH configuration. An example of the output is:
show admin ssh
SSH: up
Use the show admin syslog command to show the syslog configuration.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-107 can be entered after the show admin syslog command:
Table 3-107 show admin syslog Options
Options
Description
facility
host1
host2
port
Notes
None
Example
show admin syslog
Shows the syslog hosts and syslog facilities configuration. An example of the output is:
tx% show admin syslog
SyslogHost1:
SyslogHost2:
SyslogPort: 514
Logging Facility: LOG_USER
tx%
Use the show admin tcpdump command to show the TCPDump configuration.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-108 can be entered after the show admin tcpdump command:
Table 3-108 show admin tcpdump Options
Options
Description
<blank>
filename
transport
Notes
Refer to tcpdump on page 317 for additional information regarding the TCPDump.
Examples
show admin tcpdump
Shows the TCPDump configuration. An example of the output is:
tx% show admin tcpdump
transport: tftp
filename: tx_dump
mailto1: jim@company.com
mailto2:
show admin tcpdump transport
Shows the transport method used to send TCPDump configuration. An example of the output is:
show admin tcpdump transport
transport: tftp
Use the show admin telnet command to show whether telnet is up or down.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-109 can be entered after the show admin telnet command.
Table 3-109 show admin telnet Options
Options
Description
<blank>
status
Notes
None
Example
show admin telnet
Shows the telnet configuration as up or down. An example of the output is:
show admin telnet
Telnet: up
Use the show admin tftp command to display the TFTP configuration.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show admin tftp
Shows the TFTP configuration. An example of the output is:
show admin tftp
TFTP Server: lab_tftp
Use the show admin tsdump command to display the Technical Services Dump configuration.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-110 can be entered after the show admin tsdump command.
Table 3-110 show admin tsdump Options
Options
Description
<blank>
filename
transport
Displays the transport method used to send the TSDump information. The
transport method can be any of SMTP, TFTP, or SCP.
Notes
None
Examples
show admin tsdump
Shows the Technical Services Dump configuration. An example of the output is:
tx% show admin tsdump
transport: tftp
filename: tx_tsdump
mailto1: jim@company.com
mailto2:
show admin tsdump transport
Shows the Technical Services Dump configuration.
Use the show admin upgrade command to show the filename of the appliance pac file
(firmware) to be upgraded.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-111 can be entered after the show admin upgrade command.
Table 3-111 show admin upgrade Options
Options
Description
<blank>
filename
transport
Notes
None
Examples
show admin upgrade filename
Shows the filename of the appliance pac file. An example of the output is:
tx% show admin upgrade filename
Upgrade Filename: 3_2_3.pac
show admin upgrade transport
Shows the transport method used to install new firmware.
Use the show admin vip command to show the Virtual IP Address (VIP) of the appliance.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
None
Use the show admin webui command to show the settings for the Web User Interface (WebUI).
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-112 can be entered after the show admin webui command.
Table 3-112 show admin webui Options
Options
Description
<blank>
port
sessionexpiretime
ssl
status
1. It is possible to configure WebUI administrator to listen on an IP (10.0.20.0, for example) and use port
8090. At the same time, a cluster of target hosts may be configured to use the same IP and port
(10.0.20.0:8090). When a configuration change is made that requires a restart of the multiplexing engine,
a WebUI administrator page could be displayed. To prevent this from occurring, you should not use the
administrator port as a cluster port.
Notes
None
Examples
show admin webui
Shows the Web Administration Server configuration. An example of the output is:
show admin webui
Port: 8090
SSL Status: disabled
Session Expire Time: 900
Admin: up
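The show admin outputs in this section can be reviewed together for management-plane exposure. The following is an added example, not part of the Redline software: the transcript is constructed from the sample outputs above with an assumed tx% prompt on each command line, and the finding codes and cluster listener addresses are hypothetical.

```python
# Constructed transcript built from the sample outputs in this reference.
# Assumption: every command line starts with a "tx% " style prompt.
SAMPLE_TRANSCRIPT = """\
tx% show admin telnet
Telnet: up
tx% show admin ssh
SSH: up
tx% show admin webui
Port: 8090
SSL Status: disabled
Session Expire Time: 900
Admin: up
"""

def parse_transcript(text):
    """Split a CLI transcript into {command: {field: value}} sections."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        _prompt, sep, command = line.partition("% ")
        if sep and command.startswith("show "):
            # A prompt line starts a new section keyed by the command text.
            current = sections.setdefault(command, {})
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")
            current[key.strip()] = value.strip()
    return sections

def review_admin_services(sections, cluster_listeners=()):
    """Return (code, detail) findings for the administrative services.

    cluster_listeners is a list of "ip:port" strings for configured
    clusters (hypothetical input; gather it from the cluster settings).
    """
    findings = []
    telnet = sections.get("show admin telnet", {})
    if telnet.get("Telnet") == "up":
        findings.append(("TELNET_UP",
                         "Telnet is up; CLI logins cross the network in cleartext"))
    webui = sections.get("show admin webui", {})
    if webui.get("Admin") == "up":
        if webui.get("SSL Status") == "disabled":
            findings.append(("WEBUI_NO_SSL",
                             "WebUI is up with SSL disabled"))
        port = webui.get("Port")
        for listener in cluster_listeners:
            # Footnote 1: the administrator port should not be a cluster port.
            if listener.rpartition(":")[2] == port:
                findings.append(("WEBUI_PORT_SHARED",
                                 f"WebUI port {port} is also used by cluster listener {listener}"))
    return findings

SECTIONS = parse_transcript(SAMPLE_TRANSCRIPT)
# Constructed cluster listeners; the first reuses the WebUI port from footnote 1.
FINDINGS = review_admin_services(SECTIONS, ["10.0.20.0:8090", "10.0.20.0:80"])

if __name__ == "__main__":
    for code, detail in FINDINGS:
        print(f"{code}: {detail}")
```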
show arp
Purpose
show arp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show arp
Displays the current ARP table. An example of the output is:
tx6% show arp
? (10.0.81.1) at 00:d0:bc:ed:0e:04 on fxp0 [ethernet]
? (10.0.81.10) at 00:e0:18:8a:fc:43 on fxp0 [ethernet]
? (10.0.81.20) at 00:e0:18:8a:fa:fd on fxp0 [ethernet]
? (10.0.81.30) at 00:e0:18:8a:fb:d1 on fxp0 [ethernet]
? (10.0.81.40) at 00:e0:18:84:97:00 on fxp0 [ethernet]
? (10.0.81.50) at 00:e0:18:8a:f3:68 on fxp0 [ethernet]
? (10.0.81.60) at 00:e0:18:89:f0:a1 on fxp0 [ethernet]
tx6%
show authentication
Purpose
Use the show authentication command to show the configuration for the authentication cache.
If no option is specified, all information regarding the authentication cache is displayed.
Roles
show authentication
Role
cache
stats
Security Admin
Security Operator
Admin
Network Admin
Network Operator
User
Options
The options shown in Table 3-113 can be entered after the show authentication
command.
Table 3-113 show authentication cache Options
Options
Description
<blank>
cache
stats
Notes
None
Examples
None
show boot
Purpose
show boot
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show boot
Shows boot partition information. An example of the output is:
tx% show boot
show cache
Purpose
Use the show cache authentication command to show the statistics for the authentication
cache. Use the show cache <name> command to show the configuration for a named cache. If
no name is specified, all caches are displayed.
Roles
show cache
show cache
authentication
<name>
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-114 can be entered after the show cache <name> command.
Table 3-114 show cache <name> Options
Options
Value
Description
<blank>
stats
stats
<number>
stats
<seconds>
<name | all>
stats
detail
[summary | object_size |
content_type |
hit_count <number> |
MRU <number> |
LRU <number> ]
Notes
None
Examples
show cache secureImages stats detail object_size
Displays the summary cache statistics for the cache named secureImages based on the object size:
Object Size Statistics:
Object Size
(bytes)           # Objects     # Hits
----------------  ------------  -----------
1 - 256           0             0
256 - 512         1             12
512 - 1K          4             48
1K - 2K           6             72
2K - 4K           1             12
4K - 8K           3             36
8K - 16K          1             12
16K - 33K         0             0
33K - 66K         1             12
66K - 131K        0             0
131K - 262K       0             0
262K - 524K       0             0
1M+               0             0
show cache secureImages stats detail content_type
Displays cache statistics for the cache named secureImages based on the content type:
Content-Type Statistics:
Content-Type                      # Objects   # Hits
--------------------------------  ----------  ---------
image/jpeg                        3           36
text/html                         1           12
image/gif                         13          156
show cache secureImages stats detail hit_count 5
Displays cache statistics for the cache named secureImages based on the hit count:
Size     # Hits    Cache Time  Order      URL
-------  --------  ----------  ---------  -------------------------
2K       12        321         1          /images/FossilLogo.gif
3K       12        321         2          /images/bb120x30.jpg
2K       12        321         3          /images/main_pg.gif
1K       12        321         4          /images/yahoo_120X30.gif
1K       12        321         5          /images/yahoo_10_61.gif
Use the show capacity command to show the capacity of the system, where <seconds> is the time
interval between printed rows. The values shown are averaged over the last 60 seconds.
Roles
show capacity
<seconds>
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
Memory
(%used)
60
(%used)
40
Network
ether0
ether1
(bytes in) (bytes out)(bytes in) (bytes out)
1,210,000 1,210,000 1,210,000 1,210,000
The CPU value shows the percentage in use by users and the system (combined average over
the last 60 seconds).
The Memory value shows the percentage of memory used in the system (average over the last
60 seconds).
The Network value shows the bytes per second for interface ether0 and ether1 (average over the
last 60 seconds).
show clock
Purpose
Use the show clock command to show the time and date.
Roles
Role
show clock
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
YYYY = year
MM = month
DD = day
HH = hour
MM = minute
SS = second
TZ = timezone
Example
show clock
Shows date and time. An example of the output is:
2002.08.14 14:22:06 PDT.
Use the show cluster <name> command to show the configuration for a specific cluster.
Roles
show cluster <name>
aaa
authentication
Role
Admin
apprule
busy
redirect
cache
connbind
convert302
protocol
dsr
health
Network Admin
Network Operator
Security Admin
Security Operator
User
X
X
listen
Admin
Network Admin
Network Operator
listen
ssl owa
X
stats
page 251
page 257
page 251
page 257
page 251
page 257
Security Admin
page 251
page 257
Security Operator
page 251
page 257
User
page 251
page 257
Options
The options shown in Table 3-115 can be entered after the show cluster <name> command.
Table 3-115 show cluster <name> Options
Options
Values
<blank>
aaa
authentication 3
Description
Shows all cluster configurations.
<blank>
cache
maxage
cache
method
Values
Description
<blank>
anonymous
base-dn
bind-dn
gid
server 1
server 2
ssl
ldap
ssl
aaa
authentication 3
status
uri
uid
version
password
radius server
cacertfile
<blank>
key
retries
Shows the IP address and port number of the first Radius server (server 1) that will be used for the cluster.
timeout
Shows the timeout value for the Radius server that will
be used for the cluster.
aaa
authentication 3
redirect
Values
Description
<blank>
host
Shows the remote host from where the URL will be retrieved.
protocol
Shows the protocol used when retrieving the password change custom page.
status
url
response
all
<blank>
limit
retrypost
ruleset
ptc
[M|all]
pth
[M|all]
rs
[M|all]
rth
[M|all]
Shows the Request Translator Header (RTH) statistics for one or all of the clusters. M represents the rule
number.
apprule1
stats
cache
cache
connbind
status
<blank>
stats
[http | io]
<blank>
status
convert302protocol
description
dsr
<description>
health
Values
Description
<blank>
interval
resume
Shows the number of times the health check failed before the appliance declares the target server down.
retry
returncode
size
status
string
timeout
Shows the timeout value; the maximum time (in seconds) that the appliance will wait for the last byte of
the HTTP response, measured from the time that the
GET request was sent.
urlpath
useragent
<blank>
port
ssl
listen
targetsdown
owa 2
finclient refers to the historical behavior of allowing the client to connect and then subsequently
closing down the connection with a FIN.
blackhole refers to the current behavior of dropping all packets sent to the cluster that has all of its
target hosts down.
redirect <url> refers to the new behavior of redirecting clients with an HTTP 302 reply to the new
location specified in <url>. The URL is specified as:
http[s]://<server>[:port][/path/resource]
vip
<blank>
status
Values
Description
Shows all statistics for the cluster. See show cluster
<name | all> stats on page 251 for more information.
<blank>
aaa 3
stats
authentication
authorization
history
http
io
ssl
<blank>
sticky
cookie
transparency
health
clientip
target
<blank>
<blank>
distribution
timeout
<blank>
expire
mask
method
<blank>
host
host
all
stats
host
<ip:port> stats
localip
name
ssl
status
<blank>
Values
Description
<blank>
compression
copy
<blank>
Shows both the copy size and the copy time for weblog batch storage.
size
time
Shows the times when the Web Log will be transmitted to the configured syslog server.
<blank>
batch
failure
weblog
host
scp
scp
directory
keyfile
username
destination
format
status
syslog
<blank>
host
port
Notes
The results that you see when you type the show cluster or show cluster all commands depend
on the roles that have been assigned to you. You will only see the cluster information that you
are allowed to see by virtue of your role. See the individual show cluster subcommands to
determine what commands your role supports.
The show cluster all command cannot take any subcommands. Adding a subcommand after
the keyword all will return an error.
Table 3-116 shows notes on the number of connections referred to in the health listings.
Table 3-116 Notes on Number of Connections
Parameter
Description
Total
In Use
Hot
Cold
Number of connections available to clients that are not currently connected to target servers.
Discards
Examples
show cluster
Shows all cluster configurations.
show cluster all
Shows all cluster configurations.
show cluster 1 listen ssl
Shows cluster 1 listen SSL status.
show cluster 1 target
Shows cluster 1 target configuration.
show cluster 1 health
Shows the content health check settings for cluster 1.
show cluster 1 transparency
Shows the Client IP Transparency status.
show cluster 1 stats io
Shows the IO status information for the cluster. An example is shown below:
tx6% show cluster 1 stats io
IO Statistics - cluster 1 listen
Current State Up
Bytes In (Req from Clients) 107.16MB
Bytes Out (Resp to Clients) 146.34MB
Current Client Connections 0
Total Client Connections 315.22K
Refused Client Connections 0
IO Statistics - cluster 1 target host all
Bytes In (Resp from Servers) 68.89MB
Bytes Out (Req to Servers) 120.67MB
IO Statistics - cluster 1 physical target all
Current Active Server Conns 16
Current Idle Server Conns 629
Total Server Connections 17.06K
Passed Health Chks (Server OK) 43.88K
Failed Health Chks (Server Down) 4.13K
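The following is an added example, not part of the Redline manual: it parses the show cluster 1 stats io listing above and computes the health-check failure rate for each section that reports one. It assumes K and M are decimal multipliers (the show dashboard sample prints 156,263 as 156K); the G suffix, the 5% alert threshold and the function names are assumptions.

```python
import re

# Constructed input: the `show cluster 1 stats io` sample from this page.
SAMPLE = """\
IO Statistics - cluster 1 listen
Current State Up
Bytes In (Req from Clients) 107.16MB
Bytes Out (Resp to Clients) 146.34MB
Current Client Connections 0
Total Client Connections 315.22K
Refused Client Connections 0
IO Statistics - cluster 1 target host all
Bytes In (Resp from Servers) 68.89MB
Bytes Out (Req to Servers) 120.67MB
IO Statistics - cluster 1 physical target all
Current Active Server Conns 16
Current Idle Server Conns 629
Total Server Connections 17.06K
Passed Health Chks (Server OK) 43.88K
Failed Health Chks (Server Down) 4.13K
"""

# Decimal multipliers. K and M follow the dashboard sample; G is assumed.
UNITS = {"": 1, "K": 10**3, "M": 10**6, "G": 10**9}

SECTION_RE = re.compile(r"^IO Statistics - (.+)$")
# "<label> <number>[K|M|G][B]"; the label may itself contain spaces and parentheses.
VALUE_RE = re.compile(r"^(.*\S)\s+(\d+(?:\.\d+)?)([KMG]?)B?$")

PASSED = "Passed Health Chks (Server OK)"
FAILED = "Failed Health Chks (Server Down)"


def parse_io_stats(text):
    """Return {section: {label: int}}. Values are approximate: the CLI rounds them."""
    stats, section = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            section = header[1]
            stats[section] = {}
            continue
        value = VALUE_RE.match(line)
        if value and section is not None:   # non-numeric lines ("Current State Up") are skipped
            stats[section][value[1]] = round(float(value[2]) * UNITS[value[3]])
    return stats


def health_summary(stats, max_failure_rate=0.05):
    """Failure rate per section that reports health checks; 0/0 counts as rate 0.0."""
    summary = {}
    for section, counters in stats.items():
        passed, failed = counters.get(PASSED), counters.get(FAILED)
        if passed is None or failed is None:
            continue
        total = passed + failed
        rate = failed / total if total else 0.0
        summary[section] = {"checks": total, "failure_rate": rate,
                            "alert": rate > max_failure_rate}
    return summary


if __name__ == "__main__":
    for section, result in health_summary(parse_io_stats(SAMPLE)).items():
        flag = "ALERT" if result["alert"] else "ok"
        print(f"{section}: {result['failure_rate']:.1%} of "
              f"{result['checks']} health checks failed [{flag}]")
```
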
show cluster 1
Shows the cluster configuration. A sample of the show cluster 1 command output is:
Cluster [1]
Listen Port: 80
Listen VIP: 192.168.4.145
Listen Netmask: 255.255.255.255
Listen SSL Status: Disabled
Listen Protocol: sslv23
Listen Certfile:
Listen Keyfile:
Listen Keypass: none
Listen Ciphersuite: all
Targetname: mywebserver.redlinenetworks.com
Target SSL Status: Disabled
Target Protocol: tlsv1
Target Certfile:
Target Keyfile:
Target Keypass: none
Target Ciphersuite: common
Target Timeout: 1440
Health Check Status: enabled
Health Check Interval: 2
Health Check Retry: 4
Health Check Resume: 2
Health Check Url Path: /index.html
Health Check Return Code: 200
Health Check Size: -1
Health Check String:
Sticky Method: None
Sticky Cookie Expire: 0
Sticky Cookie Mask: ipport
Sticky Cookie Expire: 0
Sticky Client IP Timeout: 120
Sticky Client IP Timeout Distribution: 120 internet
DSR Status: Disabled
Convert 302 Protocol Status: Disabled
Busy redirect URL: www.foobar.com
Log status: disabled
Log Format: common
Log Syslog Host:
Log Syslog Port: 514
DSR Status: disabled
TargetHosts:
[1] 166.218.71.87:80 (enabled)
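The following is an added example, not Redline code: it parses the show cluster 1 listing above and flags the SSL settings a reviewer would question on the listen and target legs. The meanings given to sslv23 and to the all ciphersuite are assumptions rather than statements from this manual, and the function names are hypothetical.

```python
import re

# Constructed input: the `show cluster 1` sample from this page, trimmed to the
# fields audited below. "DSR Status" appears twice, differing only in case.
SAMPLE = """\
Cluster [1]
Listen Port: 80
Listen VIP: 192.168.4.145
Listen SSL Status: Disabled
Listen Protocol: sslv23
Listen Certfile:
Listen Keyfile:
Listen Keypass: none
Listen Ciphersuite: all
Target SSL Status: Disabled
Target Protocol: tlsv1
Target Ciphersuite: common
DSR Status: Disabled
Log status: disabled
DSR Status: disabled
TargetHosts:
[1] 166.218.71.87:80 (enabled)
"""

# ASSUMPTIONS (not stated in the manual): "sslv23" lets a client negotiate
# SSLv2 or SSLv3, and the "all" ciphersuite includes export-grade suites.
WEAK_PROTOCOLS = {"sslv23": "allows SSLv2/SSLv3 negotiation"}
WEAK_SUITES = {"all": "may include export-grade cipher suites"}

KV_RE = re.compile(r"^([^:\[\]]+):\s*(.*)$")
HOST_RE = re.compile(r"^\[(\d+)\]\s+(\S+):(\d+)\s+\((\w+)\)$")


def parse_cluster(text):
    """Return (settings, hosts, conflicts).

    Keys are lower-cased. A key printed twice with values that differ by more
    than letter case is recorded in conflicts; the last value wins.
    """
    settings, hosts, conflicts = {}, [], []
    for raw in text.splitlines():
        line = raw.strip()
        host = HOST_RE.match(line)
        if host:
            hosts.append({"index": int(host[1]), "ip": host[2],
                          "port": int(host[3]), "state": host[4].lower()})
            continue
        kv = KV_RE.match(line)
        if not kv:
            continue                      # "Cluster [1]" header, blank lines
        key, value = kv[1].strip().lower(), kv[2].strip()
        if key in settings and settings[key].lower() != value.lower():
            conflicts.append(key)
        settings[key] = value
    return settings, hosts, conflicts


def audit(settings, conflicts=()):
    """Return a list of (scope, severity, message) findings."""
    findings = []
    for side in ("listen", "target"):
        ssl_on = settings.get(f"{side} ssl status", "").lower() == "enabled"
        if not ssl_on:
            findings.append((side, "info", "SSL disabled, this leg is plaintext"))
        # With SSL off, weak values are latent: they apply once SSL is enabled.
        severity = "high" if ssl_on else "latent"
        proto = settings.get(f"{side} protocol", "").lower()
        if proto in WEAK_PROTOCOLS:
            findings.append((side, severity,
                             f"protocol {proto}: {WEAK_PROTOCOLS[proto]}"))
        suite = settings.get(f"{side} ciphersuite", "").lower()
        if suite in WEAK_SUITES:
            findings.append((side, severity,
                             f"ciphersuite {suite}: {WEAK_SUITES[suite]}"))
    for key in conflicts:
        findings.append(("config", "review",
                         f"'{key}' printed twice with different values"))
    return findings


if __name__ == "__main__":
    settings, hosts, conflicts = parse_cluster(SAMPLE)
    for scope, severity, message in audit(settings, conflicts):
        print(f"[{severity:6}] {scope:6} {message}")
    print("target hosts:", hosts)
```
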
GET 315.19K
POST 0
HEAD 0
PUT 0
Other 0
IE 6.0 315.19K
IE 5.5 0
IE 5.0 0
IE 4.x 0
IE Other 0
Netscape 0
Opera 0
Other 0
SSLv2
SSLv3
TLSv1
Other
0
0
0
0
SSLv2
SSLv3
TLSv1
Other
0
0
0
0
Use the show cluster <name> apprule command to show the application rule parameters for
a specific cluster.
Roles
show cluster <name> apprule
Role
limit
ruleset
stats
status
Admin
Network Admin
Network Operator
Security Admin
X
X
Security Operator
User
Options
The options shown in Table 3-117 can be entered after the show cluster <name> apprule
command.
Table 3-117 show cluster <name> apprule Options
Options
Value
Variable
<blank>
limit
[blank]
retrypost
ruleset
stats
status
Description
ptc
[M|all]
pth
[M|all]
rs
[M|all]
Shows the Request Sentry (RS) statistics for one or all of the
clusters.
rth
[M|all]
Notes
In each of the statistical commands (stats), M represents the rule number. Refer to the
Installation and Administration Guide for more information.
Use the show cluster <name> listen ssl command to show the configuration of the SSL listen
parameters for a specific cluster.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-118 can be entered after the show cluster <name> listen ssl
command.
Table 3-118 show cluster <name> listen ssl Options
Options
Description
<blank>
certfile
cipherfile
cipherlist
Shows the cluster listen SSL cipherlist (actual list) of cipher suites that
are being used. Showing the cipherlist will print out a detailed line for
each cipher suite, showing the name, version, key exchange, authentication, encryption, and hash methods.
ciphersuite
clientauth 1
Shows the SSL client certification. Refer to set cluster <name> listen
ssl on page 139 and show cluster <name> listen ssl clientauth on
page 249 for additional information.
ephkeyfile
keyfile
protocol
status
1.This command is only available on the E|X Enterprise Application Processor product line.
Notes
Examples
show cluster 1 listen ssl
Shows the cluster 1 listen SSL information.
show cluster 1 listen ssl ciphersuite
Shows the cluster 1 listen SSL cipher suite settings.
Use the show cluster <name> listen ssl clientauth command to show the configuration of the
SSL client authentication parameters for a specific cluster. This feature is only available on the
E|X Enterprise Application Processor product line.
Roles
show cluster <name>
listen ssl clientauth
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-119 can be entered after the show cluster <name> listen ssl
clientauth command.
Table 3-119 show cluster <name> listen ssl clientauth Options
Options
Value
Description
<blank>
authtype
cacertfile
cacrlfile
catrustfile
forwardclientcert
status
<blank>
Shows all of the settings for the client authentication forwardclientcert feature.
format
Shows all of the settings for the client authentication forwardclientcert format.
status
Shows all of the settings for the client authentication forwardclientcert headername.
<blank>
Notes
None
Examples
show cluster 1 listen ssl clientauth
Shows SSL client authentication settings for cluster 1.
Sample output as follows:
tx% show cluster 1 listen ssl clientauth
Client Authentication: enabled
CA Certfile: ca_cert_list.cert
CA CRL File: ca_crl_list.crl
CA Trust File: ca_trusted_list.cert
show cluster 1 listen ssl clientauth
Shows all of the settings for the client authentication feature. Sample output as follows:
ex% show cluster 1 listen ssl clientauth
Client Authentication: enabled
Client Authentication Type: local
Client Certificate Forwarding: disabled
CA Certfile: ca_cert_list.cert
CA CRL File: ca_crl_list.crl
CA Trust File: ca_trusted_list.cert
Client Certificate Forwarding Format: PEM
show cluster <name> listen ssl clientauth status
Shows whether client authentication is enabled.
Example:
ex% show cluster 1 listen ssl clientauth status
Client Authentication: enabled
Client Authentication Type: local
Client Certificate Forwarding: disabled
CA Certfile: ca_cert_list.cert
CA CRL File: ca_crl_list.crl
CA Trust File: ca_trusted_list.cert
show cluster <name> listen ssl clientauth forwardclientcert format
Shows all of the settings for the client authentication forwardclientcert format.
Example:
ex% show cluster 1 listen ssl clientauth forwardclientcert format
Client Certificate Forwarding Format: PEM
Use the show cluster <name | all> stats command to display the I/O, HTTP or SSL statistics
for a specific cluster or for all clusters.
Roles
show cluster <name | all> stats
Role
health
history
io | http
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-120 can be entered after the show cluster <name | all> stats
command.
Table 3-120 show cluster <name | all> stats Options
Options
Description
<blank>
Displays the I/O, HTTP, and SSL statistics for a specific cluster or for all
clusters.
auth
Show the authentication statistics for the named cluster or all clusters.
health
history
Shows the history information for the cluster. For more information, see show
cluster <name | all> stats history on page 253.
http
Displays the HTTP statistics for a specific cluster or for all clusters.
io
Displays the I/O, HTTP, and SSL statistics for a specific cluster or for all
clusters.
ssl
Displays the SSL statistics for a specific cluster or for all clusters.
Notes
None
Examples
show cluster 1 stats
Displays the I/O, HTTP, and SSL statistics for cluster 1.
show cluster all stats
Displays the I/O, HTTP, and SSL statistics for all clusters.
Use the show cluster <name | all> stats history command to display the history statistics for
a specific cluster or for all clusters.
Roles
show cluster <name | all>
stats history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-121 can be entered after the show cluster <name | all> stats
command.
Table 3-121 show cluster <name | all > stats history Options
Options
Value
listen
http
target
Description
<blank>
Shows the HTTP statistics for the named cluster or all clusters.
browser
Shows the connections by the type of browser. The browsers monitored are shown in Table 3-122.
method
Shows the request method. The methods that are monitored are shown in Table 3-123.
req-err
request
version
<blank>
Shows the HTTP statistics for the named cluster or all clusters.
bytesin
bytesout
content
response code
listen
target
io
ssl
Shows the SSL statistics for the cluster including the number of:
New Sessions
Reused Sessions
Sessions with Strong Encryption
Sessions with Export Encryption
Sessions using Version SSLv2
Sessions using Version SSLv3
Sessions using Version TLSv1
Sessions using Version Other
status
IE 6.0
Netscape 6
IE 5.5
Mozilla
IE 5.1
Opera
IE 5.0
Konquerer
IE 4.x
Safari
IE Other
None
Netscape 4
Other
COPY
SEARCH
LABEL
HEAD
MOVE
SUBSCRIBE
MERGE
POST
LOCK
UNSUBSCRIBE
BASELINE-CONTROL
PUT
UNLOCK
X-MS-ENUMATTS
MKACTIVITY
DELETE
BCOPY
VERSION-CONTROL
BIND
TRACE
BDELETE
REPORT
MKRESOURCE
OPTIONS
BMOVE
CHECKOUT
ORDERPATCH
CONNECT
BPROPFIND
CHECKIN
ACL
PROPFIND
BPROPPATCH
UNCHECKOUT
Other
PROPPATCH
NOTIFY
MKWORKSPACE
MKCOL
POLL
UPDATE
Illegal method
Illegal Header
OCTET-STREAM
JPEG
MS-WORD
HTML
MS-EXCEL
CSS
MS-POWERPOINT
XML
Custom-1
PLAIN
Custom-2
X-COMPONENT
Custom-3
JAVASCRIPT
Other
FLASH
Examples
ex% show cluster 1 stats history status
Historical Stats Status: enabled
Shows whether historical stats are enabled or disabled
Use the show cluster <name> target host <ip:port | all> stats command to display the I/O,
HTTP or SSL statistics for a specific target host or for all target hosts in a cluster.
Roles
show cluster <name> target host <ip:port | all> stats
Role
http
io
ssl
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-127 can be entered after the show cluster <name> target host
[M | all] stats command.
Table 3-127 show cluster <name> target host <ip:port | all> stats Options
Options
Description
<blank>
Displays the I/O, HTTP and SSL statistics for a target host or all target hosts
in a cluster.
history
Displays the history for a target host. For more information, see show cluster
<name> target host <ip:port | all> stats history on page 258.
http
Displays the HTTP statistics for a target host or for all target hosts in a cluster.
io
Displays the I/O statistics for a target host or for all target hosts in a cluster.
ssl
Displays the SSL statistics for a target host or for all target hosts in a cluster.
Notes
None
Examples
show cluster 1 target host all stats
Displays the I/O, HTTP, and SSL statistics for all target hosts in cluster 1.
show cluster 1 target host all stats io
Displays the I/O statistics for all target hosts in cluster 1.
show cluster 1 target host 1 stats http
Displays the HTTP statistics for target host 1 in cluster 1.
Use the show cluster <name> target host <ip:port | all> stats history command to display
the history statistics for a specific target host or for all target hosts.
Roles
show cluster <name>
target host <ip:port | all>
stats history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-128 can be entered after the show cluster <name> target host
<ip:port | all> stats history command.
Table 3-128 show cluster <name | all > target host <ip:port | all> stats history Options
Options
http
io
Value
Description
<blank>
bytesin
bytesout
content
response code
<blank>
bytesin
bytesout
ssl
<blank>
Description
Shows all of the SSL statistics for a cluster's target host.
Shows the SSL statistics for the target host including the
number of:
New Sessions
Reused Sessions
Sessions with Strong Encryption
Sessions with Export Encryption
Sessions using Version SSLv2
Sessions using Version SSLv3
Sessions using Version TLSv1
Sessions using Version Other
ssl
Notes
None
Examples
Use the show cluster <name> target ssl command to show the SSL target configuration of a
cluster.
Roles
show cluster <name>
Role
Admin
target ssl
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-129 can be entered after the show cluster <name> target ssl
command.
Table 3-129 show cluster <name> target ssl Options
Options
Description
<blank>
certfile
cipherfile
cipherlist
Shows the cluster listen SSL cipherlist (actual list) of cipher suites that
are being used. Showing the cipherlist will print out a detailed line for
each ciphersuite, showing the name, version, key exchange, authentication, encryption, and hash methods.
ciphersuite
keyfile
protocol
status
timeout
Notes
show commands
Purpose
show commands
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show commands
Shows the commands list.
show config
Purpose
Use the show config command to show the configuration held in memory.
Roles
Role
show config
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show config
Shows the current configuration. An example of the command output is:
------- Hostname, Date, & Time -----
Hostname: tx2.redlinenetworks.com
2002.08.14 14:19:12 PDT
Timezone: America/Los_Angeles
NTP server1: www.foobar.com
NTP: down
------------ Network ------------
Domain: redlinenetworks.com
Nameserver1: 192.168.0.2
ether0: IP address = 10.0.22.50 netmask = 255.255.255.0
ether0: MAC = 00:e0:81:04:a0:06 MTU = 1500
ether0 media: 100baseTX full-duplex (100baseTX full-duplex) Status: active
ether0 supported media options:
[1] 10baseT/UTP
[2] 10baseT/UTP full-duplex
[3] 100baseTX
[4] 100baseTX full-duplex
[5] autoselect
show dashboard
Purpose
Use the show dashboard command to display a summary view of the overall health of the
appliance's memory, CPU status, VIP and Target server health status, connections count, and
byte savings.
Roles
Role
show dashboard
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Example
show dashboard
Shows the status of the appliance, VIP, and target servers. An example of the command output is:
% show dashboard
Start Time:   July 27, 12:04
Current Time: July 31, 14:26
Uptime:       4 days 2 hours, 22 minutes
T|X Health:
---------------------------------
Memory  - OK.
CPU     - OK.
Network - OK.
VIP and Target Server Health:
---------------------------------
Cluster 1 - 216.136.145.168 - (up)
Target 1 192.168.0.5 (up)
Target 2 192.168.0.6 (up)
Target 3 192.168.0.7 (up)
156,263 (156K)
257,896 (257K)
238,005,365 (238M)
Byte Savings:
---------------------------------
Since clearing the stats on July 27, 12:04 this Redline appliance
has saved a total of 25,365,256,263 bytes.
How long would it take to transfer that much data
over various links?
A T-1 user would need: 1 year, 4 months, 3 days
A DSL user would need: 3 years, 6 months, 12 days
A 56K user would need: 12 years, 2 months, 0 days
show dns
Purpose
Use the show dns command to show the Domain Name Service (DNS) options.
Roles
Role
show dns
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-130 can be entered after the show dns command.
Table 3-130 show dns Options
Options
Value
Description
<blank>
domain
server
N | blank
Notes
None
Examples
show dns
Displays both the name server and the domain.
show dns domain
Displays just the domain (for example, foobar.com).
show dns server 1
Displays the IP address of the domain name server.
show ether n
Purpose
Use the show ether n command to show the settings for ethernet interfaces.
Roles
Role
show ether n
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-131 can be entered after the show ether n command.
Table 3-131 show ether n Options
Options
Description
<blank>
ip
mac
media
mtu
netmask
subnet
Notes
The MTU (Maximum Transmission Unit) should be set to 1500 for the ethernet.
Note: DO NOT change this value unless your switch and network are configured to
work with a different MTU.
Examples
show ether 1 mac
Shows the ether 1 MAC address.
show ether 1
Shows the ether 1 settings.
show file
Purpose
show file
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-132 can be entered after the show file command.
Table 3-132 show file Option
Option
<filename>
Description
Displays the contents of the file with the name <filename>.
Notes
This command has the same effect as the command display file.
Example
show file my_ssl_key
Displays the contents of the SSL key named my_ssl_key.
show flash
Purpose
Use the show flash command to show Flash disk usage for the active partition: kilobytes used,
kilobytes available, and total kilobytes.
Roles
Role
show flash
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Following is a sample of the show flash command output for the active partition:
42120 Kb used, 20272 Kb avail, 62392 Kb total
Example
show flash
Shows Flash disk usage.
show floatingvip
Purpose
Use the show floatingvip command to show all of the Floating VIP addresses.
Roles
Role
show floatingvip
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
None
Use the show forwarder <name | all> command to show the forwarder configuration. A
forwarder is used to forward TCP traffic only (for example, SMTP traffic).
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-133 can be entered after the show forwarder <name | all>
command.
Table 3-133 show forwarder <name> Options
Options
Description
<blank>
all
Shows information for all forwarders. No subcommands may follow the all
command. See Notes.
description
dsr
listen
stats
Displays the I/O statistics for a specific forwarder or for all forwarders.
target
Displays the I/O statistics for a specific target host or for all target hosts in a
forwarder. See show forwarder <name> target host [M | all] stats on
page 276 for more information.
Notes
The show forwarder all command cannot take any subcommands. Adding a subcommand
after the keyword all will return an error.
DSR = Direct Server Return: A configuration where requests from the Redline appliance to the
server are returned by the server directly to the client, rather than using the appliance to pass
the response to the client.
Examples
show forwarder
Shows all forwarder configurations. Refer to set forwarder <name> on page 165 for additional information.
show forwarder 1
Shows information for forwarder 1.
show forwarder all
Shows all forwarder information.
show forwarder 1 stats
Displays the I/O statistics for the forwarder 1.
show forwarder all stats
Displays the I/O statistics for all forwarders.
Use the show forwarder <name> target host [M | all] stats command to display the I/O
statistics for a specific target host or for all target hosts in a forwarder.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
show forwarder 1 target host 1 stats
Displays the I/O statistics for target host 1 in forwarder 1.
show forwarder 1 target host all stats
Displays the I/O statistics for all target hosts in forwarder 1.
Use the show health remotehost command to show parameters relating to connectivity
failover.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-134 can be entered after the show health remotehost command.
Table 3-134 show health remotehost Options
Options
Description
<blank>
host
interval
Shows the health check interval (how often to send the health checks).
minhostsfailing
retry
status
timeout
Shows the health check timeout (how long to wait for a response).
Notes
None
Example
None
show hostname
Purpose
show hostname
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show hostname
Shows the domain name for the host (for example, tx2.foobar.com).
show license
Purpose
Use the show license command to show the data needed for license key generation.
Roles
Role
show license
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-135 can be entered after the show license command.
Table 3-135 show license Options
Options
Description
<blank>
data
Notes
None
Example
show license
Shows details about the appliance's license.
ex% show license
E|X 3200
1408
Virtual IP Addresses: 64
Target Hosts/VIP: 32
Connections: 50000
OWA (WebDAV) licensed.
ActiveN licensed.
Groups: 64
Blades: 2048
SLB licensed.
Groups: 64
Targethosts: 32
RADIUS Authentication licensed.
LDAP Authentication licensed.
Historical Stats licensed.
Apprules licensed:
Request Translator Header (RTH): Unlimited
Page Translator Header (PTH): Unlimited
Page Translator Content (PTC): Unlimited
Request Sentry (RS): Unlimited
show license data
Shows the data needed for license key generation.
ex% show license data
A0IhJqU/QMgLDI8Vav
show log
Purpose
Use the show log command to show entries from the Apprule, Audit, and System logs.
Roles
show log
Role
apprule
audit
system
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-136 can be entered after the show log command.
Table 3-136 show log Options
Options
Description
apprule
audit
system
Notes
None
Examples
show loginbanner
Purpose
Use the show loginbanner command to display the current login banner with the
appropriate substitutions. This banner must have been previously set using the capture
loginbanner command.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show loginbanner
Shows the login banner with the appropriate substitutions. Refer to capture on page 31 for
additional information.
show netstat
Purpose
Use the show netstat command to show network statistics. These statistics include active
internet connection information such as send and receive queues, local and foreign addresses,
and states.
Roles
Role
show netstat
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-137 can be entered after the show netstat command.
Table 3-137 show netstat Options
Options
Description
<blank>
-a
-s
-r
Notes
show netstat 1
Shows network statistics every second. Use ^C (control C) to stop.
show netstat -r
Shows the routing table. Sample output is as follows:
tx2200% show netstat -r
Routing Tables:
Internet:
Destination        Gateway            Flags    Expire
default            192.168.0.1        UGSc
12.12.1.23         12.12.12.12        UGHS
192.168.0/16       link#1             UC
192.168.0.1        0:d0:b7:85:bc:a0   UHLW
192.168.40.169/32  link#1             UC
192.168.40.188/32  link#1             UC
192.168.40.228     8:0:46:4d:60:40    UHLW
show netstat -s
Shows the network statistics. Sample output is as follows:
tx2200% show netstat -s
tcp:
107268 packets sent
2286 data packets (17826876 bytes)
0 data packets (0 bytes) retransmitted
0 resends initiated by MTU discovery
142799 ack-only packets (15 delayed)
0 URG only packets
0 window probe packets
248 window update packets
43068 control packets
16917 packets received
7755 acks (for 17830102 bytes)
3488 duplicate acks
0 acks for unsent data
5474 packets (17825611 bytes) received in-sequence
243 completely duplicate packets (0 bytes)
0 old duplicate packets
0 packets with some dup. data (0 bytes duped)
0 out-of-order packets (0 bytes)
0 packets (0 bytes) of data after window
0 window probes
3387 window update packets
0 packets received after close
0 discarded for bad checksums
0 discarded for bad header offset fields
0 discarded because packet too short
39862 connection requests
37 connection accepts
0 bad connection attempts
0 listen queue overflows
3296 connections established (including accepts)
812
1125
ip:
17091 total packets received
0 bad header checksums
0 with size smaller than minimum
0 with data size < data length
0 with ip length > max ip packet size
0 with header length < data size
0 with data length < header length
0 with bad options
0 with incorrect version number
0 fragments received
0 fragments dropped (dup or out of space)
0 fragments dropped after timeout
0 packets reassembled ok
17091 packets for this host
0 packets for unknown/unsupported protocol
0 packets forwarded (0 packets fast forwarded)
0 packets not forwardable
0 packets received for unknown multicast group
show ntp
Purpose
Use the show ntp command to show the Network Time Protocol (NTP) configuration.
Roles
Role
show ntp
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-138 can be entered after the show ntp command.
Table 3-138 show ntp Options
Options
Description
<blank>
status
Notes
None
Example
show ntp
Shows the NTP configuration, including the server, and whether the NTP daemon is up or
down.
show ntpq
Purpose
Use the show ntpq command to query the Network Time Protocol (NTP) server.
Roles
Role
show ntpq
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The command show ntpq uses the mode 6 control message format to query an NTP server
about its current state.
Example
show ntpq
Queries the NTP server. An example of the output is:
tx% show ntpq
Use the show redirector <name> command to show the configuration for a specific redirector.
Roles
show redirector <name>
customurl, dsr, host, port,
protocol, status, urlmethod
listen
listen ssl
Admin
Network Admin
Network Operator
Role
Security Admin
Security Operator
User
Options
The options shown in Table 3-139 can be entered after the show redirector <name> command.
Table 3-139 show redirector <name> Options
Options
Value
Description
<blank>
customurl
description
dsr
host
listen
<blank>
port
ssl
vip
port
protocol
stats
<blank>
io
ssl
status
urlmethod
Notes
None
Examples
show redirector 1 listen ssl
Shows the redirector 1 listen SSL status.
show redirector 1 customURL
Shows the redirector custom URL string configuration.
show redirector 1
Shows the complete redirector configuration. An example of the command output is:
tx% show redirector 1
Redirector [1]
Listen Port: 80
Listen VIP: 192.168.113.114
Listen Netmask: 255.255.255.255
Listen SSL Status: disabled
Listen Protocol: sslv23
Listen Certfile:
Listen Keyfile:
Listen Keypass: none
Listen Ciphersuite: all
Listen Client Authentication: disabled
Listen CA Certfile:
Listen CA CRL File:
Listen CA Trustfile:
DSR Status: disabled
Status: enabled
Protocol: https
Host: 192.168.113.114
Port: 443
URL Method: request
Custom URL:
Use the show redirector <name> listen ssl command to show the configuration of the SSL
listen parameters for a specific redirector. This feature is only available on the E|X Enterprise
Application Processor product line.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-140 can be entered after the show redirector <name> listen ssl
command.
Table 3-140 show redirector <name> listen ssl Options
Options
Description
<blank>
certfile
cipherfile
cipherlist
Shows the cluster listen SSL cipherlist (actual list) of cipher suites that
are being used. Showing the cipherlist will print out a detailed line for
each ciphersuite, showing the name, version, key exchange, authentication, encryption, and hash methods.
clientauth
ciphersuite
ephkeyfile
keyfile
protocol
status
Notes
Examples
show redirector 1 listen ssl
Shows the redirector 1 listen SSL information.
show redirector 1 listen ssl ciphersuite
Shows the redirector 1 listen SSL cipher suite settings.
show route
Purpose
show route
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
show route
Shows the route. An example of the output is:
se2200% show route
Default route: 192.168.0.1
[1] 66.12.13.5 192.168.0.10
[2] 66.12.14.0 192.168.0.11 255.255.255.0
[1] and [2] represent the route number that is used when deleting a route. The example also
shows that the destination IP address 66.12.13.5 can be reached via the gateway
192.168.0.10.
show server
Purpose
all
customlogheader
failover
maxconns
reversepath
status
Network Admin
Network Operator
Admin
Security Admin
Security Operator
User
Options
The options shown in Table 3-141 can be entered after the show server command.
Table 3-141 show server Options
Options
Values
Description
<blank>
customiplogheader
Shows the custom header name that will be added to the client's
request with client's original IP address.
failover
<blank>
failover
linkfail
<blank>
linkfail
count
linkfail
pollinterval
vmac
vmac
forwardclientcert
maxconns
reversepath
reversepath
entries
maxroutes
timeout
Values
Description
stats
status
None
Examples
show server status
Displays the status of the server; either up or down. An example of the output is:
show server status
Server: up
all
history
[io | http]
ssl
Network Admin
Network Operator
Admin
Security Admin
Security Operator
User
Options
The options shown in Table 3-142 can be entered after the show server stats command.
Table 3-142 show server stats Options
Options
Description
<blank | n>
Displays all server statistics, including I/O, HTTP and SSL statistics for
the server. Typing a number (n) here repeatedly displays all server statistics every n seconds.
history
http
io
ssl
Notes
None
Examples
show server stats
Displays the statistics of the server. An example of the output is:
show server stats
IO Statistics - server listen
Bytes In (Req from Clients) 8
Bytes Out (Resp to Clients) 3553
Current Client Connections 0
Total Client Connections 4
Refused Client Connections 0
IO Statistics - server target host all
Bytes In (Resp from Servers) 0
Bytes Out (Req to Servers) 0
IO Statistics - server physical target all
Current Active Server Conns 0
Current Idle Server Conns 12
Total Server Connections 108
Passed Health Chks (Server OK) 0
Failed Health Chks (Server Down) 0
. . .
show server stats 5
Repeatedly displays the statistics for the server every five seconds.
show server stats io
Displays all I/O statistics of the server.
show server stats http
Displays all HTTP statistics of the server.
show server stats ssl
Displays all SSL statistics of the server.
Use the show server stats history command to display the history statistics for the server.
Roles
show server stats
history
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-120 can be entered after the show server stats history
command.
Table 3-143 show server stats history Options
Options
Value
listen
http
target
Description
<blank>
browser
method
req-err
request
version
<blank>
bytesin
bytesout
content
response code
Value
Shows all of the client-side I/O statistics for the cluster, including:
Bytes In (Req from Clients)
Bytes Out (Resp to Clients)
Current Client Connections
Total Client Connections
Refused Client Connections
<blank>
listen
io
target
Description
<blank>
day
hour
minute
month
second
year
<blank>
day
hour
month
year
Value
Shows the SSL statistics for the cluster including the number of:
New Sessions
Reused Sessions
Sessions with Strong Encryption
Sessions with Export Encryption
Sessions using Version SSLv2
Sessions using Version SSLv3
Sessions using Version TLSv1
Sessions using Version Other
<blank>
ssl
listen
target
Description
<blank>
day
hour
minute
month
second
year
<blank>
day
hour
month
year
Notes
None
Example
None
show slb
Purpose
Use the show slb command to display information related to the internal Server Load Balancer.
Roles
show slb
Role
failover
group
stats
status
targethost
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-144 can be entered after the show slb command.
Table 3-144 show slb command Options
Options
Value
Description
<blank>
failover
group
<name | all>
stats
targethost
session
stats
status
Meaning
Disabled
Enabled (stand-alone)
Enabled (active)
Enabled (passive)
% show slb
Shows the Server Load Balancer basic configuration:
% show slb
Server Load balancer basic Configuration
=============================
Reap Timeouts(in Seconds):
Active: 23
Close: 13
Ack Wait(syn flood): 12
Reset to client: disabled
Reset to server: enabled
HealthCheck Params
Timeouts(In seconds):
Up: 67
Down: 13
Syn wait: 5
Max tries(before fail): 3
Switch Status: enabled
% show slb group 1
Shows the configuration for Server Load Balancer group 1:
% show slb group 1
========================================
group 1
vip: 192.168.15.62
port: 110
protocol: tcp
nat: full
nat port start: 1024
nat port end: 8000
________________________________________
server 1
ip: 192.168.0.2
port: 110
Status: Up
________________________________________
========================================
% show slb group <192.168.15.62:70> targethost <192.168.0.2:80>
Shows the configuration for Server Load Balancer with maxconn selected:
% show slb group <192.168.15.62:70> targethost <192.168.0.2:80>
server(192.168.0.2:80) (group: 192.168.15.62:70)
ip: 192.168.0.2
port: 80
weight: 1
Max connection: 400 <==== Max connections to the target host.
Status: Up
show support
Purpose
Use the show support command to display support contact information for Redline Networks,
Incorporated.
Roles
Role
show support
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show support
Displays the phone number, E-mail and web site addresses for the Redline Networks support
organization.
Use the show sync group command to show the configuration of a synchronization group for
configuration synchronization.
Roles
Role
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-146 can be entered after the show sync group command.
Table 3-146 show sync group Options
Options
Value
Description
<blank>
description
member
override
<blank>
<id>
all
<blank>
filename
status
Notes
None
show tcpdump
Purpose
Use the show tcpdump command to display previously captured TCPDump information.
Roles
Role
show tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The tcpdump command must be executed first to collect the information before the
show tcpdump command can display it. Refer to tcpdump on page 317 for
additional information.
Example
show tcpdump
Displays previously captured TCPDump information.
show timezone
Purpose
Use the show timezone command to show the time zone or a list of all time zones.
Roles
Role
show timezone
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-147 can be entered after the show timezone command.
Table 3-147 show timezone Options
Options
Description
<blank>
list
Notes
The settings made by this command will only take effect after a write operation.
This command is used in conjunction with the set timezone command (refer to set timezone
on page 193) to manage the timezone properties.
Examples
show timezone
Shows the current time zone.
show timezone list
Shows a list of all time zones.
show traceroute
Purpose
Use the show traceroute command to show how your data packets go from where you are to a
particular destination.
Roles
Role
show traceroute
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
show traceroute
Shows a trace that follows your data packets on
their route to a destination.
show ua
Purpose
show ua
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
This command prints out the terms and conditions of purchase, price and payment information,
delivery and warranty, and limitations of liability for the appliance.
Example
show ua
Shows the use agreement.
show user
Purpose
Use the show user command to display a user's status and role. Only users with an
administrator role may display this information.
Roles
Role
Admin
show user
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-148 can be entered after the show user command.
Table 3-148 show user Options
Options
Description
<blank>
<username>
Notes
Refer to the Installation and Administrative Guide for the definition of each user's role.
Examples
show user bmartino
Displays administrative rights for user bmartino as:
% show user bmartino
User        status     roles
--------    ------     -----
bmartino    Enabled    Security Administrator
show user
Displays defined administrative rights for all users as:
% show user
User        Status      Roles
--------    --------    ------------
bmartino    Enabled     Security Administrator
jsingh      Enabled     Administrator
jmelvile    Disabled    Network Operator
jvecchi     Enabled     (none)
A newly added user without a role is displayed as (none).
show version
Purpose
Use the show version command to display the version of the firmware in the active partition of
the appliance.
Roles
Role
show version
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
The show version command only displays the partition currently running.
Example
show version
Shows the version of firmware currently running.
show vlan
Purpose
show vlan
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-149 can be entered after the show vlan command.
Table 3-149 show vlan Options
Options
Value
Description
<blank>
default
ip
<ip | all>
range
<startip-endip | all>
Notes
None
Example
None
ssldump
Purpose
The ssldump command is a monitoring tool that is used to monitor SSL traffic. It captures a
dump of the SSL traffic going through the appliance and saves it for later examination.
Roles
Role
ssldump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Examples
None
Use the synchronize group command to synchronize the configuration settings across a group
of appliances. Before this command can be executed, both the Synchronization Group and the
SOAP server must have been set up correctly.
Roles
Role
Admin
synchronize group
X
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
None
tcpdump
Purpose
Use the tcpdump command to collect the TCPDump information into a file.
Roles
Role
tcpdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The options shown in Table 3-150 can be entered after the tcpdump command.
Table 3-150 tcpdump Options
Options
Value
Description
Executes the TCPDump command and collects
the dump information into a file.
<blank>
-i
<blank>
port 80
Tcpdump will filter data from the Ethernet connection and port specified
[ether 0 | ether 1]
Notes
The TCPDump command consists of information useful for troubleshooting. You must
configure the mechanism to deliver the dump and filename for storing the TCPDump if you are
using TFTP or SCP before executing this command:
set admin tcpdump filename <filename> (only needed for TFTP)
set admin tcpdump transport (scp | smtp | tftp)
Prior to Release 2.3, the TCPDump collected by the appliance was encoded in base64.
Beginning with Release 2.3, the TCPDump collected is in a binary format. The command for
viewing TCPDump contents online is:
show tcpdump
TCPDumps collected prior to Release 2.3 can be viewed offline by decoding them from the base64
format using a standard utility such as uudecode. Once decoded, they can be viewed with a
standard TCPDump utility with the -r option. TCPDumps collected with Release 2.3 or later
can be viewed directly with a standard TCPDump utility.
Running a new TCPDump will overwrite the prior dump collected. To copy the TCPDump
from the appliance for analysis, use the copy tcpdump command. Refer to copy on page 60
for additional information.
Example
tcpdump
Executes the TCPDump command and collects the dump information into a file.
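The Notes above describe two on-disk formats for a copied dump: base64 before Release 2.3 and binary from Release 2.3 on. The following added example (not from the Redline manual) accepts either form and checks the result before it is handed to an analysis tool. It assumes the binary form is classic libpcap and that a pre-2.3 dump may carry a uuencode-style begin-base64 wrapper; the file name tcpdump.out and all packet bytes are constructed.

```python
import base64
import struct

# First four bytes of a classic libpcap file -> struct byte-order prefix.
PCAP_MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">",   # microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<", b"\xa1\xb2\x3c\x4d": ">",   # nanosecond timestamps
}


def normalize_capture(raw: bytes) -> bytes:
    """Return binary pcap bytes for a base64 (pre-2.3) or binary (2.3+) dump."""
    if raw[:4] in PCAP_MAGICS:
        return raw                                   # already binary
    lines = [ln.strip() for ln in raw.decode("ascii").splitlines() if ln.strip()]
    # Assumption: a uuencode-style wrapper may surround the base64 body.
    if lines and lines[0].startswith("begin-base64 "):
        lines = lines[1:]
    if lines and lines[-1] == "====":
        lines = lines[:-1]
    decoded = base64.b64decode("".join(lines), validate=True)
    if decoded[:4] not in PCAP_MAGICS:
        raise ValueError("decoded data is not a libpcap capture")
    return decoded


def summarize(pcap: bytes) -> dict:
    """Walk the per-packet record headers and report what the file contains."""
    if len(pcap) < 24 or pcap[:4] not in PCAP_MAGICS:
        raise ValueError("not a libpcap capture")
    order = PCAP_MAGICS[pcap[:4]]
    major, minor, _tz, _sig, snaplen, linktype = struct.unpack(
        order + "HHiIII", pcap[4:24])
    offset, packets, truncated = 24, 0, False
    while offset < len(pcap):
        if offset + 16 > len(pcap):
            truncated = True                         # cut off inside a header
            break
        _sec, _frac, incl_len, _orig_len = struct.unpack(
            order + "IIII", pcap[offset:offset + 16])
        if offset + 16 + incl_len > len(pcap):
            truncated = True                         # cut off inside a packet
            break
        offset += 16 + incl_len
        packets += 1
    return {"version": (major, minor), "snaplen": snaplen,
            "linktype": linktype, "packets": packets, "truncated": truncated}


def build_sample() -> bytes:
    """Constructed sample: a two-packet Ethernet capture (not real traffic)."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    body = b""
    for payload in (b"\x00" * 60, b"\x11" * 42):
        body += struct.pack("<IIII", 1100000000, 0, len(payload), len(payload))
        body += payload
    return header + body


if __name__ == "__main__":
    binary = build_sample()
    legacy = (b"begin-base64 644 tcpdump.out\n"
              + base64.encodebytes(binary) + b"====\n")
    for label, data in (("binary (2.3+)", binary), ("base64 (pre-2.3)", legacy)):
        print(label, summarize(normalize_capture(data)))
```

A truncated result is worth checking for because running a new TCPDump overwrites the prior dump on the appliance, so a partial copy cannot be fetched again later.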
tsdump
Purpose
Use the tsdump command to send the technical service dump to a TFTP server or to the
configured E-mail address.
Roles
Role
tsdump
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
Technical Service dumps consist of information useful for remote troubleshooting. You must
configure the mechanism to deliver the dump and filename for storing the technical service
dump if you are using TFTP or SCP before executing this command:
set admin tsdump filename <filename> (only needed for TFTP)
set admin tsdump transport (scp | smtp | tftp)
Example
tsdump
Executes the TSDump and sends the information to the configured destination.
wall
Purpose
Use the wall command to write a message to all users who are currently logged into the Web
I/O Accelerator.
Roles
Role
wall
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
wall please log off now, rebooting in 2 minutes...
Writes the message "please log off now, rebooting in 2 minutes" on the console to all users
who are logged in.
who
Purpose
Use the who command to display a list of other people currently logged in.
Roles
Role
who
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
None
Example
who
Displays a list of who is logged in. An example of the command output is:
tx2200% who
rlshell    ttyp0    Nov 5 13:35    (dhcp-228)
whoami
Purpose
Use the whoami command to display the user name under which you are logged in. The user shown in the example
is an administrator for the appliance.
Roles
Role
whoami
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
None
Notes
write
Purpose
write
Admin
Network Admin
Network Operator
Security Admin
Security Operator
User
Options
The option shown in Table 3-151 can be entered after the write command.
Table 3-151 write Option
Option
<blank>
Description
Write commands to the startup configuration.
Notes
Use reload to revert to the previous configuration and discard any changes that you have
made since the last saved configuration.
Example
write
Writes (saves) the configuration.
Appendix A. Glossary
Term
Description
Busy Redirect
If the Target web server responds with a Busy error, the Web I/O Accelerator will serve the page specified by this URL instead.
Certfile
Cipher
Ciphersuite
A set of ciphers.
Cluster
Convert302protocol
Converts the 302 responses from HTTP to HTTPS or from HTTPS to HTTP.
Customiplogheader
A special header to annotate the log; showing the session that is being
logged in an easily identifiable way.
Custom Header
This is a custom HTTP header that will be added to the client's request with the
client's origin IP.
Default Route
Also known as the Gateway, this is the IP address of the machine the
Web I/O Accelerator talks with in order to access the outside world.
Reduces the outgoing traffic channeled through a load balancer by allowing web servers to send their HTTP responses directly back to the requesting client without passing back through the load balancer. Enable this
option on the Web I/O Accelerator if the target web servers are configured
to use DSR.
DNS Domain
Also known as the Domain Suffix; this will be used to resolve unqualified
host names.
DNS Nameserver
The IP address of the primary name server for the Web I/O Accelerator.
This is the machine the Web I/O Accelerator queries to resolve host names
into IP addresses.
Ethernet 0 (ether0)
This is the primary ethernet port of the Web I/O Accelerator and the interface through which web traffic travels.
Ethernet 1 (ether1)
Farm
A set of web clusters, typically with each cluster serving a different purpose.
Fail-over
This specifies whether or not the Web I/O Accelerator should act as a cold-standby fail-over unit for another Web I/O Accelerator on the network.
NOTE: both the active and the stand-by T|X units should have this option
enabled, and both units should have the same Virtual IP settings.
Forwarder
Hostname
The fully qualified DNS name for the Web I/O Accelerator.
Keyfile
Keypass
Layer 7 Health Checking
The number of seconds separating each health check request sent to the
target hosts. The valid range of values is 1 - 60 seconds.
The URL path that is requested on a target host with each health check.
The URL path must begin with a slash '/'.
The number of times a health check must fail before the target host is considered unavailable. The valid range of values is 1 - 20.
The number of times a health check must succeed before the target host
is considered available. The valid range of values is 1 - 20.
The HTTP response status code expected from a target host in response
to a health check. For typical use, the status code should be set to 200.
The page size expected from a target host in response to a health check.
This is the number of bytes in the body of the HTTP response, as it would
be indicated in an HTTP Content-Length header. This is an optional setting; to disable this setting, use the value -1.
Listen Port
The port on which the Web I/O Accelerator listens for incoming web traffic;
it is typically set to 80.
Listen IP Address
Listen IP Netmask
Log Host
The IP address of the server to which the Web I/O Accelerator will be sending logging data.
Logging
Turns logging on or off. Remember that logging always exacts a performance penalty.
Media
Media is the mode in which an ethernet interface (ether0 and ether1) operates.
MTU
Maximum Transmission Unit (MTU) is the largest number of bytes of payload data a frame can carry, not counting the frame's header and trailer.
The MTU should be set to 1500 for Ethernet. DO NOT change this value
unless your switch and network are configured to work with a different
MTU.
Netmask
A mask to filter out addresses that should not access the device.
NTP
Network Time Protocol. Specifies whether or not the Web I/O Accelerator
should listen for your NTP server.
RADIUS
Redirector
Redirector Host
The host portion of the redirect URL sent by the redirector. That is, this is
the web server to which the client should be redirected. The redirector host
may be specified as either a hostname or an IP address.
Redirector Port
Redirector Protocol
The protocol portion of the redirect URL sent by the redirector. Valid values
are HTTP and HTTPS.
Redirector URL
Method
The manner by which the redirector specifies the path portion of the redirect URL. If the request method is selected, then the redirector will construct the redirect URL using the same URL path as the original request. If
the custom method is selected, then the redirector will construct the redirect URL using a custom URL path. You must specify a custom URL path
if the custom method is selected, and the custom URL path must begin
with a slash '/'.
For instance, if the request method is selected and the redirector receives
a request for a page at '/path/page.html', then the redirect URL will look
something like 'http://my.redirect.host/path/page.html'. However, if the
custom method is selected and the custom URL path is set to '/custom/script.cgi?a=b',
then the redirect URL will look something like 'http://my.redirect.host/custom/script.cgi?a=b' for any request received by the redirector.
RMMP
Route (Default)
Also known as the Gateway. This is the IP address of the machine the
Web I/O Accelerator talks with in order to access the outside world.
Server
SSL
Secure Sockets Layer (SSL) is a protocol that defines a way for two network devices to communicate securely. You can enable SSL on the listen
side to communicate with clients securely. You can enable SSL on the target side to communicate with the target hosts securely.
There are three versions of SSL protocol: SSL version 1 (SSLv1), SSL version 2 (SSLv2) and Transport Layer Security version 1 (TLSv1). There are
four SSL protocol modes in which the Web I/O Accelerator can operate:
SSL Ciphersuite
SSL Certfile
SSL Keyfile
SSL Keypass
Sticky
Target Host:Port
This is the IP address and accompanying port of the web server that the
Web I/O Accelerator will accelerate. Depending upon the Web I/O Accelerator model, you may be able to enter IP addresses and ports for up to
eight Target Hosts.
Target Name
This is the fully-qualified host name which clients use to reach your website
or the servers you are accelerating.
Virtual IP Address
This is the IP address to which all incoming web traffic should be routed. It
should be different from the IP address(es) you specified on the Network
Settings page.
Virtual IP Netmask
The proper subnet mask for a device with the given Virtual IP Address.
WebUI Port
This is the port on which the administration web server (WebUI) listens. For
example, if you set this to 8090, you can connect to the T|X by typing
something like http://redlinename.yourdomain.com:8090
WebUI SSL
Turn SSL on or off for the administration web server (WebUI). The first
time, this must be performed in the Command Line Interface (CLI), and you
will be prompted to generate a certificate.
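The Layer 7 health checking entries in this glossary define a probe interval, a URL path, failure and success thresholds, an expected status code and an optional page size. The following added example (not Redline's implementation) models how those settings combine into an available/unavailable decision for one target host. It assumes the thresholds count consecutive results; the class names, field names and the path /health.html are this example's own.

```python
from dataclasses import dataclass


@dataclass
class HealthCheckConfig:
    """Settings taken from the glossary descriptions (field names assumed)."""
    interval: int = 5            # seconds between requests, valid 1-60
    url_path: str = "/"          # must begin with a slash
    fail_count: int = 3          # failures before host is unavailable, 1-20
    success_count: int = 2       # successes before host is available, 1-20
    expected_status: int = 200   # HTTP status expected from the target host
    expected_size: int = -1      # body bytes expected; -1 disables the check

    def __post_init__(self):
        if not 1 <= self.interval <= 60:
            raise ValueError("interval must be 1-60 seconds")
        if not self.url_path.startswith("/"):
            raise ValueError("URL path must begin with '/'")
        for name in ("fail_count", "success_count"):
            if not 1 <= getattr(self, name) <= 20:
                raise ValueError(f"{name} must be 1-20")
        if self.expected_size < -1:
            raise ValueError("expected_size must be -1 or a byte count")


class TargetHealth:
    """Tracks one target host; assumes thresholds count consecutive results."""

    def __init__(self, cfg, available=True):
        self.cfg = cfg
        self.available = available
        self._streak = 0   # consecutive results that contradict current state

    def probe_ok(self, status, body_len):
        if status != self.cfg.expected_status:
            return False
        return self.cfg.expected_size == -1 or body_len == self.cfg.expected_size

    def record(self, status, body_len):
        ok = self.probe_ok(status, body_len)
        if ok == self.available:
            self._streak = 0                     # result agrees with state
        else:
            self._streak += 1
            needed = self.cfg.success_count if ok else self.cfg.fail_count
            if self._streak >= needed:
                self.available, self._streak = ok, 0
        return self.available


def replay(cfg, responses):
    """Feed (status, body_len) pairs through a fresh tracker."""
    host = TargetHealth(cfg)
    return [host.record(status, size) for status, size in responses]


# Constructed probe results: a 200 with the wrong body size counts as a failure.
SAMPLE = [(200, 512), (500, 0), (200, 100), (503, 0), (200, 512), (200, 512)]

if __name__ == "__main__":
    cfg = HealthCheckConfig(url_path="/health.html", expected_size=512)
    for response, state in zip(SAMPLE, replay(cfg, SAMPLE)):
        print(response, "available" if state else "unavailable")
```

With the page-size check enabled, an error page returned with status 200 no longer counts as a healthy response, which is the case the optional size setting exists to catch.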
Appendix B.
List of Events
EMERG Events
T|X Server was started
Not licensed for this device
Table 2-1
Description
ALERT Events
Table 2-2
Description
Illegal replay from <target_server> (HTTP <http version>) for a request <url_requested> (no Contentlength/chunking/connection: Close)
Illegal reply from <target_server> (HTTP <http version>) for a request <url_requested> (no Contentlength/keep-alive set)
VIP <vip> up
Appendix C.
Cipher Suites
The Cipher Suites that are supported are shown in Table C-1. This information can also be
found in the Setting up the T|X or E|X for SSL Traffic chapter of the Installation and
Administration Guide.
Table C-1
RC4-MD5
RC4-SHA
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
RC4-MD5
RC4-SHA
AES256-SHA
AES128-SHA
IDEA-CBC-SHA
IDEA-CBC-MD5
The fastest cipher suites from both the Strong and Export
groups.
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
DES-CBC-MD5
DES-CBC-SHA
Description
Strong + Export.
RC4-MD5
RC4-SHA
DES-CBC-MD5
DES-CBC-SHA
DES-CBC3-MD5
DES-CBC3-SHA
AES256-SHA
AES128-SHA
IDEA-CBC-SHA
IDEA-CBC-MD5
EXP-RC4-MD5
EXP-RC2-CBC-MD5
EXP1024-RC4-MD5
EXP1024-RC2-CBC-MD5
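The suite names in Table C-1 match OpenSSL's cipher names, so each one can be split into an export prefix, a cipher and a MAC and checked mechanically before a ciphersuite group is enabled on a listener. The following added example (not part of the Redline manual or firmware) flags the export-grade, RC4, RC2, single-DES, 64-bit-block and MD5 components among the names listed above; the rule set, finding text and function names are this example's own.

```python
import re

# Cipher component -> finding. The wording of each finding is this example's own.
CIPHER_FINDINGS = {
    "RC4": "RC4 stream cipher (prohibited for TLS by RFC 7465)",
    "RC2-CBC": "RC2 (obsolete cipher)",
    "DES-CBC": "single DES (56-bit key)",
    "DES-CBC3": "3DES (64-bit block)",
    "IDEA-CBC": "IDEA (64-bit block)",
}
EXPORT_PREFIX = re.compile(r"^EXP(1024)?-")


def classify(suite: str) -> list:
    """Return the weaknesses implied by one OpenSSL-style suite name."""
    findings = []
    name = suite.strip().upper()
    match = EXPORT_PREFIX.match(name)
    if match:
        bits = 56 if match.group(1) else 40      # EXP1024-* vs EXP-*
        findings.append(f"export-grade encryption ({bits}-bit)")
        name = name[match.end():]
    cipher, _, mac = name.rpartition("-")        # e.g. ("DES-CBC3", "-", "SHA")
    if cipher in CIPHER_FINDINGS:
        findings.append(CIPHER_FINDINGS[cipher])
    elif not cipher.startswith("AES"):
        findings.append(f"unrecognised cipher component {cipher!r}")
    if mac == "MD5":
        findings.append("MD5 MAC")
    return findings


def audit(suites) -> dict:
    """Map each distinct suite to its findings, preserving first-seen order."""
    report = {}
    for suite in suites:
        report.setdefault(suite.strip().upper(), classify(suite))
    return report


def without_findings(suites) -> list:
    """Suites that trigger none of the rules above."""
    return [suite for suite, found in audit(suites).items() if not found]


# Names copied from Table C-1 (duplicates across groups removed).
TABLE_C1 = """RC4-MD5 RC4-SHA DES-CBC-MD5 DES-CBC-SHA DES-CBC3-MD5 DES-CBC3-SHA
AES256-SHA AES128-SHA IDEA-CBC-SHA IDEA-CBC-MD5 EXP-RC4-MD5 EXP-RC2-CBC-MD5
EXP1024-RC4-MD5 EXP1024-RC2-CBC-MD5""".split()

if __name__ == "__main__":
    for suite, findings in audit(TABLE_C1).items():
        print(f"{suite:22} {'; '.join(findings) or 'no finding'}")
    print("no findings:", without_findings(TABLE_C1))
```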